USN-773-1: Pango vulnerability
7 May 2009
- pango1.0 -
Will Drewry discovered that Pango incorrectly handled rendering text with
long glyphstrings. If a user were tricked into displaying specially crafted
data with applications linked against Pango, such as Firefox, an attacker
could cause a denial of service or execute arbitrary code with privileges
of the user invoking the program.
The problem can be corrected by updating your system to the following package versions:
After a standard system upgrade you need to restart your session to effect
the necessary changes.