Synopsis: Critical: pango security update
Issue date: 2011-03-01
CVE Names: CVE-2011-0064
It was discovered that Pango did not check for memory reallocation
failures in the hb_buffer_ensure() function. An attacker able to trigger
a reallocation failure by passing sufficiently large input to an
application using Pango could use this flaw to crash the application or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-0064)
After installing this update, you must restart your system or restart
the X server for the update to take effect.
SL 6.x
SRPMS:
pango-1.28.1-3.el6_0.5.src.rpm
i386:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-1.28.1-3.el6_0.5.x86_64.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm
-Connie Sieh
-Troy Dawson