
Debian Linux Security Advisory 1416-1

Posted Nov 28, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1416-1 - It was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-5378
SHA-256 | 0c4d6292b13a01501302bcef3d53bd3d3f5c806f08a08eda4a7d8d67b8e70dc4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1416-1                  security@debian.org
https://www.debian.org/security/                      Moritz Muehlenhoff
November 27, 2007                    https://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : tk8.3
Vulnerability : buffer overflow
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-5378

It was discovered that Tk, a cross-platform graphical toolkit for Tcl,
performs insufficient input validation in the code used to load GIF
images, which may lead to the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 8.3.5-6etch1.

Due to a technical limitation in the Debian archive scripts, the update
for the old stable distribution (sarge) cannot be released in sync with
the update for the stable distribution. It will be provided in the next
few days.

We recommend that you upgrade your tk8.3 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1.dsc
Size/MD5 checksum: 672 de719ed8329448b60a2aa5222d94b4c5
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1.diff.gz
Size/MD5 checksum: 28583 de9d57ab9820f98f01a71cab78b9a51c
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
Size/MD5 checksum: 2598030 363a55d31d94e05159e9212074c68004

Architecture independent packages:

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-6etch1_all.deb
Size/MD5 checksum: 656798 11b87b5e83e8adfa2e19dc93567c422f

alpha architecture (DEC Alpha)

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_alpha.deb
Size/MD5 checksum: 808264 05534d541c67856fd7df57bee0b7448f
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_alpha.deb
Size/MD5 checksum: 870224 c8f3c39de9dbdbe34afc0558653e97f2

amd64 architecture (AMD x86_64 (AMD64))

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_amd64.deb
Size/MD5 checksum: 691340 3aa055a50b0c1864712cad543240cab6
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_amd64.deb
Size/MD5 checksum: 830790 50c07325658b74d25d06e239012da590

arm architecture (ARM)

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_arm.deb
Size/MD5 checksum: 649782 33621a77aaf49894dc7962d7579ae2c3
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_arm.deb
Size/MD5 checksum: 802848 7619e44e0c07804307f3b3d59d97589a

hppa architecture (HP PA RISC)

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_hppa.deb
Size/MD5 checksum: 888990 d9eaf0227c0594236389bf877747744e
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_hppa.deb
Size/MD5 checksum: 773376 c06fc4983e04a409811c6b070a7d0b4a

i386 architecture (Intel ia32)

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_i386.deb
Size/MD5 checksum: 670426 3bf93bae2527f043b01edb3018de4d90
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_i386.deb
Size/MD5 checksum: 803736 99d6c8562e60a2648817db63555fcbc1

ia64 architecture (Intel ia64)

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_ia64.deb
Size/MD5 checksum: 1057842 45e3159db424788b401d4a98c1dfb511
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_ia64.deb
Size/MD5 checksum: 959436 9cce282e61e257655301ad47ddc03ac1

mips architecture (MIPS (Big Endian))

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_mips.deb
Size/MD5 checksum: 824708 437a50b7cfd05d863b9a4a97b596969e
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_mips.deb
Size/MD5 checksum: 725262 8a50f4b098e50fec648ce187139f8af8

mipsel architecture (MIPS (Little Endian))

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_mipsel.deb
Size/MD5 checksum: 822976 3451e740c116b8fbf77c07e744624637
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_mipsel.deb
Size/MD5 checksum: 725896 6c09774f07d8463251684f26c1bcda1f

powerpc architecture (PowerPC)

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_powerpc.deb
Size/MD5 checksum: 824230 2251a2ee8548aeeb72dd4a1f425fc2b0
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_powerpc.deb
Size/MD5 checksum: 659860 d0332098901ff52792d9ab560b242b61

s390 architecture (IBM S/390)

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_s390.deb
Size/MD5 checksum: 693954 324775b60e7224a3aab44b895a3eb7b9
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_s390.deb
Size/MD5 checksum: 838370 1a04c4abe7846022366f401a7049e83e

sparc architecture (Sun SPARC/UltraSPARC)

https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_sparc.deb
Size/MD5 checksum: 805234 9bc0cd3ac6d1a375ffe56d889d4967a7
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_sparc.deb
Size/MD5 checksum: 680440 328ed71bd6147eb48d1843ad04d7406c


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and https://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTIQpXm3vHE4uyloRAu3YAJ9RDQkX0xRClWaEiZVkEU1A7/IHAgCdECYE
O227xjm2evaV0ZuE5krU8lU=
=ywra
-----END PGP SIGNATURE-----
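
When a package is fetched by hand with `wget` and installed with `dpkg -i`, the file can first be checked against the "Size/MD5 checksum" lines of the advisory. The following is an added example, not part of the Debian advisory: `parse_entries`, `verify_file` and the `constructed-example_1.0_all.deb` entry are hypothetical names, and the sample text pairs one real line from the listing above with a constructed one.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample: the first entry is copied from the advisory's listing; the
# second is hypothetical (its size and MD5 are those of the 3 bytes b"abc").
SAMPLE = """\
https://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1.dsc
Size/MD5 checksum: 672 de719ed8329448b60a2aa5222d94b4c5
https://example.invalid/pool/constructed-example_1.0_all.deb
Size/MD5 checksum: 3 900150983cd24fb0d6963f7d28e17f72
"""

# A URL line followed by "Size/MD5 checksum: <bytes> <md5 hex>".
ENTRY_RE = re.compile(
    r"^[ \t]*(?P<url>(?:https?|ftp)://\S+)[ \t]*\n"
    r"[ \t]*Size/MD5 checksum:[ \t]+(?P<size>\d+)[ \t]+(?P<md5>[0-9a-fA-F]{32})[ \t]*$",
    re.MULTILINE,
)

def parse_entries(advisory_text):
    """Return {file name: (size in bytes, lowercase MD5 hex)} for each listed file."""
    entries = {}
    for m in ENTRY_RE.finditer(advisory_text):
        name = m.group("url").rsplit("/", 1)[-1]
        entries[name] = (int(m.group("size")), m.group("md5").lower())
    return entries

def verify_file(path, entries):
    """Compare a downloaded file with its advisory entry; return (ok, reason)."""
    path = Path(path)
    if path.name not in entries:
        return False, "not listed in advisory"
    size, md5 = entries[path.name]
    actual = path.stat().st_size
    if actual != size:  # cheap check first, before hashing
        return False, f"size mismatch: expected {size}, got {actual}"
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != md5:
        return False, "MD5 mismatch"
    return True, "ok"

if __name__ == "__main__":
    import sys
    listed = parse_entries(SAMPLE)
    for arg in sys.argv[1:]:
        print(arg, *verify_file(arg, listed))
```

MD5 here only catches a corrupted or mismatched download; the listing is trustworthy only to the extent that the advisory's PGP signature has been verified.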