9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.022 Low
EPSS
Percentile
89.5%
CentOS Errata and Security Advisory CESA-2011:1327
frysk is an execution-analysis technology implemented using native Java and
C++. It provides developers and system administrators with the ability to
examine and analyze multi-host, multi-process, and multithreaded systems
while they are running. frysk is released as a Technology Preview for Red
Hat Enterprise Linux 4.
A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in the embedded Pango library. If a frysk application were used
to debug or trace a process that uses HarfBuzz while it loaded a
specially-crafted font file, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)
Users of frysk are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. All running frysk
applications must be restarted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-September/080234.html
https://lists.centos.org/pipermail/centos-announce/2011-September/080235.html
Affected packages:
frysk
Upstream details at:
https://access.redhat.com/errata/RHSA-2011:1327
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | frysk | < 0.0.1.2007.08.03-8.el4 | frysk-0.0.1.2007.08.03-8.el4.i386.rpm |
CentOS | 4 | x86_64 | frysk | < 0.0.1.2007.08.03-8.el4 | frysk-0.0.1.2007.08.03-8.el4.x86_64.rpm |