Synopsis: Important: pango security update
Issue date: 2009-05-08
CVE Names: CVE-2009-1194

Will Drewry discovered an integer overflow flaw in Pango's pango_glyph_string_set_size() function. If an attacker is able to pass an arbitrarily long string to Pango, it may be possible to execute arbitrary code with the permissions of the application calling Pango. (CVE-2009-1194)

After installing this update, you must restart your system or restart the X server for the update to take effect.

Note: Restarting the X server closes all open applications and logs you out of your session.

SL 3.0.x

SRPMS:
pango-1.2.5-8.src.rpm
i386:
pango-1.2.5-8.i386.rpm
pango-devel-1.2.5-8.i386.rpm
x86_64:
pango-1.2.5-8.i386.rpm
pango-1.2.5-8.x86_64.rpm
pango-devel-1.2.5-8.x86_64.rpm

SL 4.x

SRPMS:
evolution28-pango-1.14.9-11.el4_7.src.rpm
pango-1.6.0-14.4_7.src.rpm
i386:
evolution28-pango-1.14.9-11.el4_7.i386.rpm
evolution28-pango-devel-1.14.9-11.el4_7.i386.rpm
pango-1.6.0-14.4_7.i386.rpm
pango-devel-1.6.0-14.4_7.i386.rpm
x86_64:
evolution28-pango-1.14.9-11.el4_7.x86_64.rpm
evolution28-pango-devel-1.14.9-11.el4_7.x86_64.rpm
pango-1.6.0-14.4_7.i386.rpm
pango-1.6.0-14.4_7.x86_64.rpm
pango-devel-1.6.0-14.4_7.x86_64.rpm

SL 5.x

SRPMS:
pango-1.14.9-5.el5_3.src.rpm
i386:
pango-1.14.9-5.el5_3.i386.rpm
pango-devel-1.14.9-5.el5_3.i386.rpm
x86_64:
pango-1.14.9-5.el5_3.i386.rpm
pango-1.14.9-5.el5_3.x86_64.rpm
pango-devel-1.14.9-5.el5_3.i386.rpm
pango-devel-1.14.9-5.el5_3.x86_64.rpm

-Connie Sieh
-Troy Dawson