Scientific Linux Security Update : frysk on SL4.x i386/x86_64

High Nessus Plugin ID 61138


The remote Scientific Linux host is missing one or more security updates.


frysk is an execution-analysis technology implemented using native Java and C++. It provides developers and system administrators with the ability to examine and analyze multi-host, multi-process, and multithreaded systems while they are running. frysk is released as a Technology Preview for Scientific Linux 4.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193)

Users of frysk are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running frysk applications must be restarted for this update to take effect.


Update the affected frysk and / or frysk-debuginfo packages.

See Also

Plugin Details

Severity: High

ID: 61138

File Name: sl_20110921_frysk_on_SL4_x.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2012/08/01

Modified: 2014/08/16

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2011/09/21

Reference Information

CVE: CVE-2011-3193