Red Hat Product Errata RHSA-2011:1325 - Security Advisory

Issued:: 2011-09-21
Updated:: 2011-09-21

RHSA-2011:1325 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: evolution28-pango security update

Type/Severity

Security Advisory: Moderate

Topic

Updated evolution28-pango packages that fix one security issue are now
available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Pango is a library used for the layout and rendering of internationalized
text.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in Pango. If a user loaded a specially-crafted font file with
an application that uses Pango, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)

Users of evolution28-pango are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. After
installing this update, you must restart your system or restart the X
server for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 733118 - CVE-2011-3193 qt/harfbuzz buffer overflow

CVEs

CVE-2011-3193

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
evolution28-pango-1.14.9-13.el4_11.src.rpm	SHA-256: 6946ee61d578ff829cf29f5d280970737c6d809338307a37f9f1c3d0adaf9a9b
x86_64
evolution28-pango-1.14.9-13.el4_11.x86_64.rpm	SHA-256: cbc21ffa3e6828b7bbcfe649285e9e7aeb7e2a02447f87c56907b48a1deeb041
evolution28-pango-1.14.9-13.el4_11.x86_64.rpm	SHA-256: cbc21ffa3e6828b7bbcfe649285e9e7aeb7e2a02447f87c56907b48a1deeb041
evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm	SHA-256: 8e6a23828ad5c53928d2ff44b00507c68bb97fd71da41d9d209c73f6b4d6b7d3
evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm	SHA-256: 8e6a23828ad5c53928d2ff44b00507c68bb97fd71da41d9d209c73f6b4d6b7d3
ia64
evolution28-pango-1.14.9-13.el4_11.ia64.rpm	SHA-256: cbf479362c2cfdf19ff195092f31177e0f14d2d01e86bfb6a83aba67c5c21f50
evolution28-pango-1.14.9-13.el4_11.ia64.rpm	SHA-256: cbf479362c2cfdf19ff195092f31177e0f14d2d01e86bfb6a83aba67c5c21f50
evolution28-pango-devel-1.14.9-13.el4_11.ia64.rpm	SHA-256: e35642452691b4266a9c57191bed1b8195a83327995cf1b1b93c105d64cf7479
evolution28-pango-devel-1.14.9-13.el4_11.ia64.rpm	SHA-256: e35642452691b4266a9c57191bed1b8195a83327995cf1b1b93c105d64cf7479
i386
evolution28-pango-1.14.9-13.el4_11.i386.rpm	SHA-256: ebfd6cab0ca2391690d3f4800e4bbac3ceee2ad85313268569817532836ed89d
evolution28-pango-1.14.9-13.el4_11.i386.rpm	SHA-256: ebfd6cab0ca2391690d3f4800e4bbac3ceee2ad85313268569817532836ed89d
evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm	SHA-256: 137d49ea216f706c1c279c91a947af5807770fa6b2ea13dbabb03e21d39df3a3
evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm	SHA-256: 137d49ea216f706c1c279c91a947af5807770fa6b2ea13dbabb03e21d39df3a3

Red Hat Enterprise Linux Workstation 4

SRPM
evolution28-pango-1.14.9-13.el4_11.src.rpm	SHA-256: 6946ee61d578ff829cf29f5d280970737c6d809338307a37f9f1c3d0adaf9a9b
x86_64
evolution28-pango-1.14.9-13.el4_11.x86_64.rpm	SHA-256: cbc21ffa3e6828b7bbcfe649285e9e7aeb7e2a02447f87c56907b48a1deeb041
evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm	SHA-256: 8e6a23828ad5c53928d2ff44b00507c68bb97fd71da41d9d209c73f6b4d6b7d3
ia64
evolution28-pango-1.14.9-13.el4_11.ia64.rpm	SHA-256: cbf479362c2cfdf19ff195092f31177e0f14d2d01e86bfb6a83aba67c5c21f50
evolution28-pango-devel-1.14.9-13.el4_11.ia64.rpm	SHA-256: e35642452691b4266a9c57191bed1b8195a83327995cf1b1b93c105d64cf7479
i386
evolution28-pango-1.14.9-13.el4_11.i386.rpm	SHA-256: ebfd6cab0ca2391690d3f4800e4bbac3ceee2ad85313268569817532836ed89d
evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm	SHA-256: 137d49ea216f706c1c279c91a947af5807770fa6b2ea13dbabb03e21d39df3a3

Red Hat Enterprise Linux Desktop 4

SRPM
evolution28-pango-1.14.9-13.el4_11.src.rpm	SHA-256: 6946ee61d578ff829cf29f5d280970737c6d809338307a37f9f1c3d0adaf9a9b
x86_64
evolution28-pango-1.14.9-13.el4_11.x86_64.rpm	SHA-256: cbc21ffa3e6828b7bbcfe649285e9e7aeb7e2a02447f87c56907b48a1deeb041
evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm	SHA-256: 8e6a23828ad5c53928d2ff44b00507c68bb97fd71da41d9d209c73f6b4d6b7d3
i386
evolution28-pango-1.14.9-13.el4_11.i386.rpm	SHA-256: ebfd6cab0ca2391690d3f4800e4bbac3ceee2ad85313268569817532836ed89d
evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm	SHA-256: 137d49ea216f706c1c279c91a947af5807770fa6b2ea13dbabb03e21d39df3a3

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
evolution28-pango-1.14.9-13.el4_11.src.rpm	SHA-256: 6946ee61d578ff829cf29f5d280970737c6d809338307a37f9f1c3d0adaf9a9b
s390x
evolution28-pango-1.14.9-13.el4_11.s390x.rpm	SHA-256: 4e530c20b7dfc49175d3a21451a73d89367b11058f207f2334be4b5af39899ef
evolution28-pango-devel-1.14.9-13.el4_11.s390x.rpm	SHA-256: b7dcc78618b93f2e8987a8f02692a368835e9673aeedc43597c38bf5c38fd782
s390
evolution28-pango-1.14.9-13.el4_11.s390.rpm	SHA-256: dd15795d396661b14ddc2d33387d646f2a58d59a40d5b839d8598beb1b7c15ac
evolution28-pango-devel-1.14.9-13.el4_11.s390.rpm	SHA-256: 8e4bd685dd1391452f82aa75f36d8a029489471adec53350bd847712d62172b7

Red Hat Enterprise Linux for Power, big endian 4

SRPM
evolution28-pango-1.14.9-13.el4_11.src.rpm	SHA-256: 6946ee61d578ff829cf29f5d280970737c6d809338307a37f9f1c3d0adaf9a9b
ppc
evolution28-pango-1.14.9-13.el4_11.ppc.rpm	SHA-256: d6d9ceb1c9665d13836ba84ac1870d052fed6d9dd2e83f71f1f506cfb50c09e1
evolution28-pango-devel-1.14.9-13.el4_11.ppc.rpm	SHA-256: c898be75b31f5b455cf8790a8cf30d524989634af6ae3e488d637a6a8bc45cc7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories