Synopsis: Critical: pango security update Issue date: 2011-03-01 CVE Names: CVE-2011-0064 It was discovered that Pango did not check for memory reallocation failures in the hb_buffer_ensure() function. An attacker able to trigger a reallocation failure by passing sufficiently large input to an application using Pango could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0064) After installing this update, you must restart your system or restart the X server for the update to take effect. SL 6.x SRPMS: pango-1.28.1-3.el6_0.5.src.rpm i386: pango-1.28.1-3.el6_0.5.i686.rpm pango-devel-1.28.1-3.el6_0.5.i686.rpm x86_64: pango-1.28.1-3.el6_0.5.i686.rpm pango-1.28.1-3.el6_0.5.x86_64.rpm pango-devel-1.28.1-3.el6_0.5.i686.rpm pango-devel-1.28.1-3.el6_0.5.x86_64.rpm -Connie Sieh -Troy Dawson