Scientific Linux Security Advisory: Pango Critical Issue Resolving IO Crash

Mar 04, 2011 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory critical memory management application crash pango Scientific Linux

Critical: pango security update

Date: Fri, 4 Mar 2011 15:27:31 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA Critical: pango on SL6.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."

Synopsis:	Critical: pango security update
Issue date:	2011-03-01
CVE Names:	CVE-2011-0064

It was discovered that Pango did not check for memory reallocation
failures in the hb_buffer_ensure() function. An attacker able to trigger
a reallocation failure by passing sufficiently large input to an
application using Pango could use this flaw to crash the application or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-0064)

After installing this update, you must restart your system or restart
the X server for the update to take effect.

SL 6.x

 SRPMS:
pango-1.28.1-3.el6_0.5.src.rpm
 i386:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
 x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-1.28.1-3.el6_0.5.x86_64.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here