frysk security update

2011-09-22T16:50:51
ID CESA-2011:1327
Type centos
Reporter CentOS Project
Modified 2011-09-22T16:53:51

Description

CentOS Errata and Security Advisory CESA-2011:1327

frysk is an execution-analysis technology implemented using native Java and C++. It provides developers and system administrators with the ability to examine and analyze multi-host, multi-process, and multithreaded systems while they are running. frysk is released as a Technology Preview for Red Hat Enterprise Linux 4.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially-crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193)

Users of frysk are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running frysk applications must be restarted for this update to take effect.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2011-September/018072.html http://lists.centos.org/pipermail/centos-announce/2011-September/018073.html

Affected packages: frysk

Upstream details at: https://rhn.redhat.com/errata/RHSA-2011-1327.html