Synopsis: Moderate: frysk security update Issue Date: 2011-09-21 CVE Numbers: CVE-2011-3193 frysk is an execution-analysis technology implemented using native Java and C++. It provides developers and system administrators with the ability to examine and analyze multi-host, multi-process, and multithreaded systems while they are running. frysk is released as a Technology Preview for Scientific Linux 4. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially-crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of frysk are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running frysk applications must be restarted for this update to take effect. SL4: i386 frysk-0.0.1.2007.08.03-8.el4.i386.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.i386.rpm x86_64 frysk-0.0.1.2007.08.03-8.el4.x86_64.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.x86_64.rpm - Scientific Linux Development Team