-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:200 http://www.mandriva.com/security/ _______________________________________________________________________ Package : tk Date : October 18, 2007 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A vulnerablity in Tk was found that could be used to overrun a buffer when loading certain GIF images. If a user were tricked into opening a specially crafted GIF file, it could lead to a denial of service condition or possibly the execution of arbitrary code with the user's privileges. Updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 60f740fa8977a3d6ab49a40b750a3d1b 2007.0/i586/libtk8.4-8.4.13-1.1mdv2007.0.i586.rpm 05990645a727a885dd8fe6608f5dc8b8 2007.0/i586/libtk8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm 6a5bcabc72b1395745a3d43c3b915465 2007.0/i586/tk-8.4.13-1.1mdv2007.0.i586.rpm db9748c866c5e06eff04bc21dd6bf459 2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 2df6cd7b62339579d5ae094cb8599b06 2007.0/x86_64/lib64tk8.4-8.4.13-1.1mdv2007.0.x86_64.rpm fab4f39016d8ee9222547cc720c5769e 2007.0/x86_64/lib64tk8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm 7b0c87404cffe6cb73fd731c312e9369 2007.0/x86_64/tk-8.4.13-1.1mdv2007.0.x86_64.rpm db9748c866c5e06eff04bc21dd6bf459 2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm Mandriva Linux 2007.1: e33895b367c8d1982f3269a5c73dc801 2007.1/i586/libtk8.4-8.4.14-1.1mdv2007.1.i586.rpm 7dc650450f7d3d307411935bea210cf8 2007.1/i586/libtk8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm 7b97b6cf3fd8032fd3ee3ce4ad7c255f 2007.1/i586/tk-8.4.14-1.1mdv2007.1.i586.rpm c4e8e865f6c1d3e36bb201e2ee2f9ab1 2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 11e5c61b9e2703782c8ce440270a3eaf 2007.1/x86_64/lib64tk8.4-8.4.14-1.1mdv2007.1.x86_64.rpm 27430c69edd74459d4b8be1edb2f4613 2007.1/x86_64/lib64tk8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm 118d089330e5a08125f5a2b15a7c2f8a 2007.1/x86_64/tk-8.4.14-1.1mdv2007.1.x86_64.rpm c4e8e865f6c1d3e36bb201e2ee2f9ab1 2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm Mandriva Linux 2008.0: 46626982fee7008f9c33437c36de3ce3 2008.0/i586/libtk-devel-8.5a6-8.1mdv2008.0.i586.rpm f9ee0b9ae377c06319de116ef3b5cd34 2008.0/i586/libtk8.5-8.5a6-8.1mdv2008.0.i586.rpm c52bd1e8b18c214715e5a83a05d5ce77 2008.0/i586/tk-8.5a6-8.1mdv2008.0.i586.rpm 988dbc066b5e5ced3b97edcefd171a8a 2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 02c6ef1b37706392f4fabf98a570c50f 2008.0/x86_64/lib64tk-devel-8.5a6-8.1mdv2008.0.x86_64.rpm f47bbdadd81cc964898046fde9e3d9f4 2008.0/x86_64/lib64tk8.5-8.5a6-8.1mdv2008.0.x86_64.rpm d247ad4d59c410442db053159220e16b 2008.0/x86_64/tk-8.5a6-8.1mdv2008.0.x86_64.rpm 988dbc066b5e5ced3b97edcefd171a8a 2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm Corporate 3.0: 66a845d440a9e2349213fae27271c780 corporate/3.0/i586/expect-8.4.5-3.1.C30mdk.i586.rpm 27bedea45e60fc2da882019c8b31d3a7 corporate/3.0/i586/itcl-8.4.5-3.1.C30mdk.i586.rpm de54d041b4c3e2543cc3da2f0c657a81 corporate/3.0/i586/tcl-8.4.5-3.1.C30mdk.i586.rpm 36be5f9bac328bf45baeac3cdbdd47ff corporate/3.0/i586/tcllib-8.4.5-3.1.C30mdk.i586.rpm 406b9d9ddaaf92b60c7baf154ffcf410 corporate/3.0/i586/tclx-8.4.5-3.1.C30mdk.i586.rpm 477a109cb62b37fd8bf41ca1df368aa1 corporate/3.0/i586/tix-8.4.5-3.1.C30mdk.i586.rpm d893211a561731ad81935ac16210fd73 corporate/3.0/i586/tk-8.4.5-3.1.C30mdk.i586.rpm b60191000be9b0abd1c8c9a199aff8c4 corporate/3.0/SRPMS/tcltk-8.4.5-3.1.C30mdk.src.rpm Corporate 4.0: d501589065ada8f8443f118b3e50a86b corporate/4.0/i586/expect-8.4.11-1.1.20060mlcs4.i586.rpm 3b3dd07ea762151dea7a858ffb40a950 corporate/4.0/i586/itcl-8.4.11-1.1.20060mlcs4.i586.rpm ce8a6ba003a58318d88d9cf85701d108 corporate/4.0/i586/iwidgets-8.4.11-1.1.20060mlcs4.i586.rpm fc38d955a50378b5e60a13e56fb72d92 corporate/4.0/i586/libtcl8.4-8.4.11-1.1.20060mlcs4.i586.rpm 5f811fc02c05775092056dcbcce5cdfa corporate/4.0/i586/libtk8.4-8.4.11-1.1.20060mlcs4.i586.rpm d556c96e07f5874434cb6de855ad3397 corporate/4.0/i586/tcl-8.4.11-1.1.20060mlcs4.i586.rpm ec615811cd2d9a30d70e19efcbc3e5d1 corporate/4.0/i586/tcllib-8.4.11-1.1.20060mlcs4.i586.rpm 5fa89f9eedf7bf7c9bfa6b4532c3f745 corporate/4.0/i586/tclx-8.4.11-1.1.20060mlcs4.i586.rpm 50c4cf284aae086ee97c5c88264e380b corporate/4.0/i586/tix-8.4.11-1.1.20060mlcs4.i586.rpm 9c10c63d3114b15276006bc13ac22135 corporate/4.0/i586/tk-8.4.11-1.1.20060mlcs4.i586.rpm 01f4fd97200cab45c5e438bc2de16ef3 corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: e0046f480e791d86126b47b1e60e070d corporate/4.0/x86_64/expect-8.4.11-1.1.20060mlcs4.x86_64.rpm b3e645973c2aa36643fa991a36250c79 corporate/4.0/x86_64/itcl-8.4.11-1.1.20060mlcs4.x86_64.rpm 735a36431c6154be8b02a39adc9b2116 corporate/4.0/x86_64/iwidgets-8.4.11-1.1.20060mlcs4.x86_64.rpm bd7b3b9a4da0ae6c8f44289ca8287a77 corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm 79738e06527efc5988f42fa0dcb47c4b corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm 43e3fa88ab61c2de84627d0fdc73ded0 corporate/4.0/x86_64/tcl-8.4.11-1.1.20060mlcs4.x86_64.rpm 91f8eb2f70ceb0a18dfcea1cb5cba0b9 corporate/4.0/x86_64/tcllib-8.4.11-1.1.20060mlcs4.x86_64.rpm a229460593913f7057e23e0556a85b77 corporate/4.0/x86_64/tclx-8.4.11-1.1.20060mlcs4.x86_64.rpm c7247488fcd4de1f54a9427157b8fbeb corporate/4.0/x86_64/tix-8.4.11-1.1.20060mlcs4.x86_64.rpm 3b30e0802b236a1a60a55c67f9f36746 corporate/4.0/x86_64/tk-8.4.11-1.1.20060mlcs4.x86_64.rpm 01f4fd97200cab45c5e438bc2de16ef3 corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHF6xFmqjQ0CJFipgRAu8bAJ9GtA0FLzMG/dUWCy5dfWWQIfySBwCgy8cj rAKbfS9luXheK00ZdJGpFNE= =Dzys -----END PGP SIGNATURE-----