Bug 671122 (CVE-2011-0020)
| Summary: | CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | behdad, bressers, fonts-bugs, mclasen, wnefal+redhatbugzilla |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-03-26 21:12:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 671123, 671527, 671528, 671529, 671530, 671531, 671532, 833949 | | |
| Bug Blocks: | | | |

Description
Jan Lieskovsky
2011-01-20 12:57:57 UTC
Created pango tracking bugs for this issue

Affects: fedora-all [bug 671123]

This has been assigned CVE-2011-0020

This flaw does not affect RHEL4. The code in question does not exist in that version of Pango.

This flaw should affect evolution28-pango on RHEL4 and pango on RHEL 5 and RHEL 6. The public reproducer does not work, as a different codepath is exercised than on systems that crash, but the faulty arithmetic is there. There are many possible codepaths that can exercise this bug.

I've looked over how pango is used in Red Hat Enterprise Linux. I do not believe this poses a significant risk. Nothing that uses pango for layout will accept arbitrary font input. Since this bug needs a malformed font, user interaction will be needed to exploit this flaw.

Created pango tracking bugs for this issue

Affects: fedora-all [bug 671123]

Also note that no one uses the PangoFT2 fontmap, except for maybe the GIMP and possibly old Inkscape. It's NOT used in GTK+ rendering or Firefox, etc.

The upstream bug has a patch. I'm testing it now.

This issue has been addressed in following products:

Red Hat Enterprise Linux 5.6.Z
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 6

Via RHSA-2011:0180 https://rhn.redhat.com/errata/RHSA-2011-0180.html