This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
frysk is an execution-analysis technology implemented using native
Java and C++. It provides developers and system administrators with
the ability to examine and analyze multi-host, multi-process, and
multithreaded systems while they are running. frysk is released as a
Technology Preview for Scientific Linux 4.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in the embedded Pango library. If a frysk application were
used to debug or trace a process that uses HarfBuzz while it loaded a
specially crafted font file, it could cause the application to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2011-3193)

Users of frysk are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. All running frysk
applications must be restarted for this update to take effect.
Update the affected frysk and / or frysk-debuginfo packages.
Risk factor : High / CVSS Base Score : 9.3
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 61138
CVE ID: CVE-2011-3193