Synopsis:	Critical: pango security update
Issue date:	2011-03-01
CVE Names:	CVE-2011-0064

It was discovered that Pango did not check for memory reallocation 
failures in the hb_buffer_ensure() function. An attacker able to trigger 
a reallocation failure by passing sufficiently large input to an 
application using Pango could use this flaw to crash the application or, 
possibly, execute arbitrary code with the privileges of the user running 
the application. (CVE-2011-0064)


After installing this update, you must restart your system or restart 
the X server for the update to take effect.

SL 6.x

      SRPMS:
pango-1.28.1-3.el6_0.5.src.rpm
      i386:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
      x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-1.28.1-3.el6_0.5.x86_64.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm

-Connie Sieh
-Troy Dawson