[ MDKSA-2007:200 ] - Updated tk packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:200
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tk
Date : October 18, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerablity in Tk was found that could be used to overrun a buffer
when loading certain GIF images. If a user were tricked into opening
a specially crafted GIF file, it could lead to a denial of service
condition or possibly the execution of arbitrary code with the user's
privileges.
Updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
60f740fa8977a3d6ab49a40b750a3d1b
2007.0/i586/libtk8.4-8.4.13-1.1mdv2007.0.i586.rpm
05990645a727a885dd8fe6608f5dc8b8
2007.0/i586/libtk8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
6a5bcabc72b1395745a3d43c3b915465 2007.0/i586/tk-8.4.13-1.1mdv2007.0.i586.rpm
db9748c866c5e06eff04bc21dd6bf459 2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
2df6cd7b62339579d5ae094cb8599b06
2007.0/x86_64/lib64tk8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
fab4f39016d8ee9222547cc720c5769e
2007.0/x86_64/lib64tk8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
7b0c87404cffe6cb73fd731c312e9369
2007.0/x86_64/tk-8.4.13-1.1mdv2007.0.x86_64.rpm
db9748c866c5e06eff04bc21dd6bf459 2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
e33895b367c8d1982f3269a5c73dc801
2007.1/i586/libtk8.4-8.4.14-1.1mdv2007.1.i586.rpm
7dc650450f7d3d307411935bea210cf8
2007.1/i586/libtk8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
7b97b6cf3fd8032fd3ee3ce4ad7c255f 2007.1/i586/tk-8.4.14-1.1mdv2007.1.i586.rpm
c4e8e865f6c1d3e36bb201e2ee2f9ab1 2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
11e5c61b9e2703782c8ce440270a3eaf
2007.1/x86_64/lib64tk8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
27430c69edd74459d4b8be1edb2f4613
2007.1/x86_64/lib64tk8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
118d089330e5a08125f5a2b15a7c2f8a
2007.1/x86_64/tk-8.4.14-1.1mdv2007.1.x86_64.rpm
c4e8e865f6c1d3e36bb201e2ee2f9ab1 2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
46626982fee7008f9c33437c36de3ce3
2008.0/i586/libtk-devel-8.5a6-8.1mdv2008.0.i586.rpm
f9ee0b9ae377c06319de116ef3b5cd34
2008.0/i586/libtk8.5-8.5a6-8.1mdv2008.0.i586.rpm
c52bd1e8b18c214715e5a83a05d5ce77 2008.0/i586/tk-8.5a6-8.1mdv2008.0.i586.rpm
988dbc066b5e5ced3b97edcefd171a8a 2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
02c6ef1b37706392f4fabf98a570c50f
2008.0/x86_64/lib64tk-devel-8.5a6-8.1mdv2008.0.x86_64.rpm
f47bbdadd81cc964898046fde9e3d9f4
2008.0/x86_64/lib64tk8.5-8.5a6-8.1mdv2008.0.x86_64.rpm
d247ad4d59c410442db053159220e16b
2008.0/x86_64/tk-8.5a6-8.1mdv2008.0.x86_64.rpm
988dbc066b5e5ced3b97edcefd171a8a 2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm
Corporate 3.0:
66a845d440a9e2349213fae27271c780
corporate/3.0/i586/expect-8.4.5-3.1.C30mdk.i586.rpm
27bedea45e60fc2da882019c8b31d3a7
corporate/3.0/i586/itcl-8.4.5-3.1.C30mdk.i586.rpm
de54d041b4c3e2543cc3da2f0c657a81
corporate/3.0/i586/tcl-8.4.5-3.1.C30mdk.i586.rpm
36be5f9bac328bf45baeac3cdbdd47ff
corporate/3.0/i586/tcllib-8.4.5-3.1.C30mdk.i586.rpm
406b9d9ddaaf92b60c7baf154ffcf410
corporate/3.0/i586/tclx-8.4.5-3.1.C30mdk.i586.rpm
477a109cb62b37fd8bf41ca1df368aa1
corporate/3.0/i586/tix-8.4.5-3.1.C30mdk.i586.rpm
d893211a561731ad81935ac16210fd73
corporate/3.0/i586/tk-8.4.5-3.1.C30mdk.i586.rpm
b60191000be9b0abd1c8c9a199aff8c4
corporate/3.0/SRPMS/tcltk-8.4.5-3.1.C30mdk.src.rpm
Corporate 4.0:
d501589065ada8f8443f118b3e50a86b
corporate/4.0/i586/expect-8.4.11-1.1.20060mlcs4.i586.rpm
3b3dd07ea762151dea7a858ffb40a950
corporate/4.0/i586/itcl-8.4.11-1.1.20060mlcs4.i586.rpm
ce8a6ba003a58318d88d9cf85701d108
corporate/4.0/i586/iwidgets-8.4.11-1.1.20060mlcs4.i586.rpm
fc38d955a50378b5e60a13e56fb72d92
corporate/4.0/i586/libtcl8.4-8.4.11-1.1.20060mlcs4.i586.rpm
5f811fc02c05775092056dcbcce5cdfa
corporate/4.0/i586/libtk8.4-8.4.11-1.1.20060mlcs4.i586.rpm
d556c96e07f5874434cb6de855ad3397
corporate/4.0/i586/tcl-8.4.11-1.1.20060mlcs4.i586.rpm
ec615811cd2d9a30d70e19efcbc3e5d1
corporate/4.0/i586/tcllib-8.4.11-1.1.20060mlcs4.i586.rpm
5fa89f9eedf7bf7c9bfa6b4532c3f745
corporate/4.0/i586/tclx-8.4.11-1.1.20060mlcs4.i586.rpm
50c4cf284aae086ee97c5c88264e380b
corporate/4.0/i586/tix-8.4.11-1.1.20060mlcs4.i586.rpm
9c10c63d3114b15276006bc13ac22135
corporate/4.0/i586/tk-8.4.11-1.1.20060mlcs4.i586.rpm
01f4fd97200cab45c5e438bc2de16ef3
corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
e0046f480e791d86126b47b1e60e070d
corporate/4.0/x86_64/expect-8.4.11-1.1.20060mlcs4.x86_64.rpm
b3e645973c2aa36643fa991a36250c79
corporate/4.0/x86_64/itcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
735a36431c6154be8b02a39adc9b2116
corporate/4.0/x86_64/iwidgets-8.4.11-1.1.20060mlcs4.x86_64.rpm
bd7b3b9a4da0ae6c8f44289ca8287a77
corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
79738e06527efc5988f42fa0dcb47c4b
corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
43e3fa88ab61c2de84627d0fdc73ded0
corporate/4.0/x86_64/tcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
91f8eb2f70ceb0a18dfcea1cb5cba0b9
corporate/4.0/x86_64/tcllib-8.4.11-1.1.20060mlcs4.x86_64.rpm
a229460593913f7057e23e0556a85b77
corporate/4.0/x86_64/tclx-8.4.11-1.1.20060mlcs4.x86_64.rpm
c7247488fcd4de1f54a9427157b8fbeb
corporate/4.0/x86_64/tix-8.4.11-1.1.20060mlcs4.x86_64.rpm
3b30e0802b236a1a60a55c67f9f36746
corporate/4.0/x86_64/tk-8.4.11-1.1.20060mlcs4.x86_64.rpm
01f4fd97200cab45c5e438bc2de16ef3
corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHF6xFmqjQ0CJFipgRAu8bAJ9GtA0FLzMG/dUWCy5dfWWQIfySBwCgy8cj
rAKbfS9luXheK00ZdJGpFNE=
=Dzys
-----END PGP SIGNATURE-----