 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 8 May 2009 13:42:28 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Important: pango security update
Issue date: 2009-05-08
CVE Names: CVE-2009-1194
Will Drewry discovered an integer overflow flaw in Pango's
pango_glyph_string_set_size() function. If an attacker is able to pass
an arbitrarily long string to Pango, it may be possible to execute
arbitrary code with the permissions of the application calling Pango.
(CVE-2009-1194)
After installing this update, you must restart your system or restart
the X server for the update to take effect. Note: Restarting the X
server closes all open applications and logs you out of your session.
SL 3.0.x
SRPMS:
pango-1.2.5-8.src.rpm
i386:
pango-1.2.5-8.i386.rpm
pango-devel-1.2.5-8.i386.rpm
x86_64:
pango-1.2.5-8.i386.rpm
pango-1.2.5-8.x86_64.rpm
pango-devel-1.2.5-8.x86_64.rpm
SL 4.x
SRPMS:
evolution28-pango-1.14.9-11.el4_7.src.rpm
pango-1.6.0-14.4_7.src.rpm
i386:
evolution28-pango-1.14.9-11.el4_7.i386.rpm
evolution28-pango-devel-1.14.9-11.el4_7.i386.rpm
pango-1.6.0-14.4_7.i386.rpm
pango-devel-1.6.0-14.4_7.i386.rpm
x86_64:
evolution28-pango-1.14.9-11.el4_7.x86_64.rpm
evolution28-pango-devel-1.14.9-11.el4_7.x86_64.rpm
pango-1.6.0-14.4_7.i386.rpm
pango-1.6.0-14.4_7.x86_64.rpm
pango-devel-1.6.0-14.4_7.x86_64.rpm
SL 5.x
SRPMS:
pango-1.14.9-5.el5_3.src.rpm
i386:
pango-1.14.9-5.el5_3.i386.rpm
pango-devel-1.14.9-5.el5_3.i386.rpm
x86_64:
pango-1.14.9-5.el5_3.i386.rpm
pango-1.14.9-5.el5_3.x86_64.rpm
pango-devel-1.14.9-5.el5_3.i386.rpm
pango-devel-1.14.9-5.el5_3.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
