USN-773-1: Pango vulnerability
Ubuntu Security Notice USN-773-1
7th May, 2009
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Will Drewry discovered that Pango incorrectly handled rendering text with
long glyphstrings. If a user were tricked into displaying specially crafted
data with applications linked against Pango, such as Firefox, an attacker
could cause a denial of service or execute arbitrary code with privileges
of the user invoking the program.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.10:
- libpango1.0-0 1.22.2-0ubuntu1.1
- Ubuntu 8.04 LTS:
- libpango1.0-0 1.20.5-0ubuntu1.1
- Ubuntu 6.06 LTS:
- libpango1.0-0 1.12.3-0ubuntu3.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart your session to effect
the necessary changes.