Synopsis:    Moderate: frysk security update
Issue Date:  2011-09-21
CVE Numbers: CVE-2011-3193


frysk is an execution-analysis technology implemented using native Java and
C++. It provides developers and system administrators with the ability to
examine and analyze multi-host, multi-process, and multithreaded systems
while they are running. frysk is released as a Technology Preview for 
Scientific Linux 4.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in the embedded Pango library. If a frysk application were used
to debug or trace a process that uses HarfBuzz while it loaded a
specially-crafted font file, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)

Users of frysk are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. All running frysk
applications must be restarted for this update to take effect.

SL4:
   i386
      frysk-0.0.1.2007.08.03-8.el4.i386.rpm
      frysk-debuginfo-0.0.1.2007.08.03-8.el4.i386.rpm
   x86_64
      frysk-0.0.1.2007.08.03-8.el4.x86_64.rpm
      frysk-debuginfo-0.0.1.2007.08.03-8.el4.x86_64.rpm

- Scientific Linux Development Team