Security Advisory Moderate: frysk security update

Advisory: RHSA-2011:1327-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-09-21
Last updated on: 2011-09-21
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-3193

Details

An updated frysk package that fixes one security issue is now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

frysk is an execution-analysis technology implemented using native Java and
C++. It provides developers and system administrators with the ability to
examine and analyze multi-host, multi-process, and multithreaded systems
while they are running. frysk is released as a Technology Preview for Red
Hat Enterprise Linux 4.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in the embedded Pango library. If a frysk application were used
to debug or trace a process that uses HarfBuzz while it loaded a
specially-crafted font file, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)

Users of frysk are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. All running frysk
applications must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

The same packages are listed for each of the following products:

Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
frysk-0.0.1.2007.08.03-8.el4.src.rpm
    MD5: 5d2269dfc13c80daa811185c07dd9157
    SHA-256: 871b1e5a96e303205d8e7251e98689af12ea1478ae9ce92d7f0970ecc4b2ad4c

IA-32:
frysk-0.0.1.2007.08.03-8.el4.i386.rpm
    MD5: f3fdc6ea8720e6b96b20d4da6360b7ed
    SHA-256: 5b5926841921f4a2c8aed4e24e45f47a7c3894c692822bf90f888a3fe9b0b1b4

x86_64:
frysk-0.0.1.2007.08.03-8.el4.x86_64.rpm
    MD5: 1a6b6ae079bd04df0912473b844d4c97
    SHA-256: 9847c33719e1d31468dd9271573f5c806738fffe9dc0c61c353711a0f639dbec

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

733118 - CVE-2011-3193 qt/harfbuzz buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/