Scientific Linux 4: CVE-2011-3193 Moderate: Frysk Buffer Overflow Advisory

Sep 22, 2011 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory moderate buffer overflow frysk Scientific Linux

Moderate: frysk security update

Date: Thu, 22 Sep 2011 09:29:06 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux

From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Moderate: frysk on SL4.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: frysk security update
Issue Date: 2011-09-21
CVE Numbers: CVE-2011-3193

frysk is an execution-analysis technology implemented using native Java and
C++. It provides developers and system administrators with the ability to
examine and analyze multi-host, multi-process, and multithreaded systems
while they are running. frysk is released as a Technology Preview for
Scientific Linux 4.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in the embedded Pango library. If a frysk application were used
to debug or trace a process that uses HarfBuzz while it loaded a
specially-crafted font file, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)

Users of frysk are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. All running frysk
applications must be restarted for this update to take effect.

SL4:
 i386
 frysk-0.0.1.2007.08.03-8.el4.i386.rpm
 frysk-debuginfo-0.0.1.2007.08.03-8.el4.i386.rpm
 x86_64
 frysk-0.0.1.2007.08.03-8.el4.x86_64.rpm
 frysk-debuginfo-0.0.1.2007.08.03-8.el4.x86_64.rpm

- Scientific Linux Development Team

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here