First published: Fri May 08 2009
Pango is a library used for the layout and rendering of internationalized text.

Will Drewry discovered an integer overflow flaw in Pango's pango_glyph_string_set_size() function. If an attacker is able to pass an arbitrarily long string to Pango, it may be possible to execute arbitrary code with the permissions of the application calling Pango. (CVE-2009-1194)

pango and evolution28-pango users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect. Note: Restarting the X server closes all open applications and logs you out of your session.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/pango | <1.14.9-5.el5_3 | 1.14.9-5.el5_3 |
redhat/pango-devel | <1.14.9-5.el5_3 | 1.14.9-5.el5_3 |
redhat/evolution28-pango | <1.14.9-11.el4_7 | 1.14.9-11.el4_7 |
redhat/evolution28-pango-devel | <1.14.9-11.el4_7 | 1.14.9-11.el4_7 |
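
The advisory names only the bug class, an integer overflow in a glyph-array resize. The following added example (not Pango's source or Red Hat's backported patch; the struct layout and function names are hypothetical) shows how a 32-bit size calculation wraps, next to a resize routine that bounds the length before multiplying.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a glyph array (20 bytes per item); not Pango's types. */
typedef struct { uint32_t glyph; int32_t width, x_off, y_off; uint32_t attr; } glyph_info;
typedef struct { int len, space; glyph_info *items; } glyph_buf;

/* Unsafe pattern: byte count computed in 32 bits (the width of size_t on a
 * 32-bit build). The product wraps, so the allocation would be far too small. */
uint32_t bytes_unchecked(int count) {
    return (uint32_t)count * (uint32_t)sizeof(glyph_info);
}

/* Checked resize: reject any length whose byte size cannot be represented,
 * and never let the doubled capacity pass that bound. 0 = ok, -1 = refused. */
int glyph_buf_set_size(glyph_buf *b, int new_len) {
    const int max_items = (int)(INT_MAX / sizeof(glyph_info));
    if (new_len < 0 || new_len > max_items)
        return -1;
    int space = b->space;
    while (new_len > space) {
        if (space == 0)
            space = 1;
        else if (space > max_items / 2)
            space = max_items;          /* clamp instead of overflowing */
        else
            space *= 2;
    }
    if (space != b->space) {
        glyph_info *p = realloc(b->items, (size_t)space * sizeof(glyph_info));
        if (p == NULL)
            return -1;                  /* old buffer is left untouched */
        b->items = p; b->space = space;
    }
    b->len = new_len;
    return 0;
}

int main(void) {
    glyph_buf b = {0, 0, NULL};
    int huge = 214748365;               /* constructed: 20 * huge = 2^32 + 4 */
    printf("unchecked bytes: %u, checked resize: %d\n",
           (unsigned)bytes_unchecked(huge), glyph_buf_set_size(&b, huge));
    int rc = glyph_buf_set_size(&b, 5);
    printf("checked resize to 5: %d (space=%d)\n", rc, b.space);
    free(b.items);
    return 0;
}
```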