Mandriva Linux Security Advisory - A vulnerablity in Tk was found that could be used to overrun a buffer when loading certain GIF images. If a user were tricked into opening a specially crafted GIF file, it could lead to a denial of service condition or possibly the execution of arbitrary code with the user's privileges.
fdee7478c7e7ee753aa4ed1d1053cb7018c3e5bd69240cd8459309b0d7473b47
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:200
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tk
Date : October 18, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerablity in Tk was found that could be used to overrun a buffer
when loading certain GIF images. If a user were tricked into opening
a specially crafted GIF file, it could lead to a denial of service
condition or possibly the execution of arbitrary code with the user's
privileges.
Updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
60f740fa8977a3d6ab49a40b750a3d1b 2007.0/i586/libtk8.4-8.4.13-1.1mdv2007.0.i586.rpm
05990645a727a885dd8fe6608f5dc8b8 2007.0/i586/libtk8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
6a5bcabc72b1395745a3d43c3b915465 2007.0/i586/tk-8.4.13-1.1mdv2007.0.i586.rpm
db9748c866c5e06eff04bc21dd6bf459 2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
2df6cd7b62339579d5ae094cb8599b06 2007.0/x86_64/lib64tk8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
fab4f39016d8ee9222547cc720c5769e 2007.0/x86_64/lib64tk8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
7b0c87404cffe6cb73fd731c312e9369 2007.0/x86_64/tk-8.4.13-1.1mdv2007.0.x86_64.rpm
db9748c866c5e06eff04bc21dd6bf459 2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
e33895b367c8d1982f3269a5c73dc801 2007.1/i586/libtk8.4-8.4.14-1.1mdv2007.1.i586.rpm
7dc650450f7d3d307411935bea210cf8 2007.1/i586/libtk8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
7b97b6cf3fd8032fd3ee3ce4ad7c255f 2007.1/i586/tk-8.4.14-1.1mdv2007.1.i586.rpm
c4e8e865f6c1d3e36bb201e2ee2f9ab1 2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
11e5c61b9e2703782c8ce440270a3eaf 2007.1/x86_64/lib64tk8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
27430c69edd74459d4b8be1edb2f4613 2007.1/x86_64/lib64tk8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
118d089330e5a08125f5a2b15a7c2f8a 2007.1/x86_64/tk-8.4.14-1.1mdv2007.1.x86_64.rpm
c4e8e865f6c1d3e36bb201e2ee2f9ab1 2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
46626982fee7008f9c33437c36de3ce3 2008.0/i586/libtk-devel-8.5a6-8.1mdv2008.0.i586.rpm
f9ee0b9ae377c06319de116ef3b5cd34 2008.0/i586/libtk8.5-8.5a6-8.1mdv2008.0.i586.rpm
c52bd1e8b18c214715e5a83a05d5ce77 2008.0/i586/tk-8.5a6-8.1mdv2008.0.i586.rpm
988dbc066b5e5ced3b97edcefd171a8a 2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
02c6ef1b37706392f4fabf98a570c50f 2008.0/x86_64/lib64tk-devel-8.5a6-8.1mdv2008.0.x86_64.rpm
f47bbdadd81cc964898046fde9e3d9f4 2008.0/x86_64/lib64tk8.5-8.5a6-8.1mdv2008.0.x86_64.rpm
d247ad4d59c410442db053159220e16b 2008.0/x86_64/tk-8.5a6-8.1mdv2008.0.x86_64.rpm
988dbc066b5e5ced3b97edcefd171a8a 2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm
Corporate 3.0:
66a845d440a9e2349213fae27271c780 corporate/3.0/i586/expect-8.4.5-3.1.C30mdk.i586.rpm
27bedea45e60fc2da882019c8b31d3a7 corporate/3.0/i586/itcl-8.4.5-3.1.C30mdk.i586.rpm
de54d041b4c3e2543cc3da2f0c657a81 corporate/3.0/i586/tcl-8.4.5-3.1.C30mdk.i586.rpm
36be5f9bac328bf45baeac3cdbdd47ff corporate/3.0/i586/tcllib-8.4.5-3.1.C30mdk.i586.rpm
406b9d9ddaaf92b60c7baf154ffcf410 corporate/3.0/i586/tclx-8.4.5-3.1.C30mdk.i586.rpm
477a109cb62b37fd8bf41ca1df368aa1 corporate/3.0/i586/tix-8.4.5-3.1.C30mdk.i586.rpm
d893211a561731ad81935ac16210fd73 corporate/3.0/i586/tk-8.4.5-3.1.C30mdk.i586.rpm
b60191000be9b0abd1c8c9a199aff8c4 corporate/3.0/SRPMS/tcltk-8.4.5-3.1.C30mdk.src.rpm
Corporate 4.0:
d501589065ada8f8443f118b3e50a86b corporate/4.0/i586/expect-8.4.11-1.1.20060mlcs4.i586.rpm
3b3dd07ea762151dea7a858ffb40a950 corporate/4.0/i586/itcl-8.4.11-1.1.20060mlcs4.i586.rpm
ce8a6ba003a58318d88d9cf85701d108 corporate/4.0/i586/iwidgets-8.4.11-1.1.20060mlcs4.i586.rpm
fc38d955a50378b5e60a13e56fb72d92 corporate/4.0/i586/libtcl8.4-8.4.11-1.1.20060mlcs4.i586.rpm
5f811fc02c05775092056dcbcce5cdfa corporate/4.0/i586/libtk8.4-8.4.11-1.1.20060mlcs4.i586.rpm
d556c96e07f5874434cb6de855ad3397 corporate/4.0/i586/tcl-8.4.11-1.1.20060mlcs4.i586.rpm
ec615811cd2d9a30d70e19efcbc3e5d1 corporate/4.0/i586/tcllib-8.4.11-1.1.20060mlcs4.i586.rpm
5fa89f9eedf7bf7c9bfa6b4532c3f745 corporate/4.0/i586/tclx-8.4.11-1.1.20060mlcs4.i586.rpm
50c4cf284aae086ee97c5c88264e380b corporate/4.0/i586/tix-8.4.11-1.1.20060mlcs4.i586.rpm
9c10c63d3114b15276006bc13ac22135 corporate/4.0/i586/tk-8.4.11-1.1.20060mlcs4.i586.rpm
01f4fd97200cab45c5e438bc2de16ef3 corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
e0046f480e791d86126b47b1e60e070d corporate/4.0/x86_64/expect-8.4.11-1.1.20060mlcs4.x86_64.rpm
b3e645973c2aa36643fa991a36250c79 corporate/4.0/x86_64/itcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
735a36431c6154be8b02a39adc9b2116 corporate/4.0/x86_64/iwidgets-8.4.11-1.1.20060mlcs4.x86_64.rpm
bd7b3b9a4da0ae6c8f44289ca8287a77 corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
79738e06527efc5988f42fa0dcb47c4b corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
43e3fa88ab61c2de84627d0fdc73ded0 corporate/4.0/x86_64/tcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
91f8eb2f70ceb0a18dfcea1cb5cba0b9 corporate/4.0/x86_64/tcllib-8.4.11-1.1.20060mlcs4.x86_64.rpm
a229460593913f7057e23e0556a85b77 corporate/4.0/x86_64/tclx-8.4.11-1.1.20060mlcs4.x86_64.rpm
c7247488fcd4de1f54a9427157b8fbeb corporate/4.0/x86_64/tix-8.4.11-1.1.20060mlcs4.x86_64.rpm
3b30e0802b236a1a60a55c67f9f36746 corporate/4.0/x86_64/tk-8.4.11-1.1.20060mlcs4.x86_64.rpm
01f4fd97200cab45c5e438bc2de16ef3 corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHF6xFmqjQ0CJFipgRAu8bAJ9GtA0FLzMG/dUWCy5dfWWQIfySBwCgy8cj
rAKbfS9luXheK00ZdJGpFNE=
=Dzys
-----END PGP SIGNATURE-----