=========================================================== Ubuntu Security Notice USN-664-1 November 06, 2008 tk8.0, tk8.3, tk8.4 vulnerability CVE-2008-0553 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: tk8.0 8.0.5-11ubuntu0.1 tk8.3 8.3.5-4ubuntu1.2 tk8.4 8.4.12-0ubuntu1.2 Ubuntu 7.10: tk8.3 8.3.5-6ubuntu3.1 tk8.4 8.4.15-1ubuntu1.1 Ubuntu 8.04 LTS: tk8.4 8.4.16-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1.diff.gz Size/MD5: 455767 624a4aaeda503706d929f7d8f203a3e3 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1.dsc Size/MD5: 1019 9f9fde8c98171c13cf504bb2c2bdde17 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5.orig.tar.gz Size/MD5: 2033223 3ae92b86c01ec99a1872697294839e64 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2.diff.gz Size/MD5: 28060 51b033f7ac63ec0dc35fb3ebcb50f418 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2.dsc Size/MD5: 1023 49db61772bb838f83df230b214161907 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz Size/MD5: 2598030 363a55d31d94e05159e9212074c68004 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2.diff.gz Size/MD5: 21534 2e49f47d0df578cddbfb9775469d168b http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2.dsc Size/MD5: 1083 a3ad94f647e37b3da2d3ea2274bb6f08 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz Size/MD5: 3245547 316491cb82d898b434842353aed1f0d6 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-doc_8.4.12-0ubuntu1.2_all.deb Size/MD5: 788200 01dc19de0b3d36acea0541622129a442 http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-doc_8.0.5-11ubuntu0.1_all.deb Size/MD5: 555110 8da51243a21a0d0e03c4bb5c33389e42 http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.3/tk8.3-doc_8.3.5-4ubuntu1.2_all.deb Size/MD5: 656938 24d91aed7f2612ac56b56bbf16a6b3a8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1_amd64.deb Size/MD5: 1242594 9c6cb511fc3ec39fc4f338f616597307 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.2_amd64.deb Size/MD5: 697568 d47ef6fa6c4269899d84273a3c502318 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2_amd64.deb Size/MD5: 2919866 9851c5e98c5820edee0cb73134e4465f http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.2_amd64.deb Size/MD5: 846932 7203e3548032f5e126c3e04adddcd9bb http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2_amd64.deb Size/MD5: 1012164 e8d1cc364274f2c92fff254bf0cf31ff http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-dev_8.0.5-11ubuntu0.1_amd64.deb Size/MD5: 564798 d6aaa3faa675ae34f5517b9a800ec4e7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1_i386.deb Size/MD5: 1112956 b27a3e79df915bff0aa557bdae8eac0d http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.2_i386.deb Size/MD5: 648134 6747530f3380f84cbdc637e2c4ed3429 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2_i386.deb Size/MD5: 2732568 5f1bc057480c20a0e66414b58a34ff58 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.2_i386.deb Size/MD5: 793148 229b89170088c480db48a32f92ff28ba http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2_i386.deb Size/MD5: 956516 0f531a37707a2e5db21c050fbaf752bd http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-dev_8.0.5-11ubuntu0.1_i386.deb Size/MD5: 521652 6c10e6945c334c1506dacc9970367d03 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1_powerpc.deb Size/MD5: 1230088 02a5a6f0bc73b94fd4c16d31bc633109 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.2_powerpc.deb Size/MD5: 660074 c89495d38a922de0f188199d47971dbc http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2_powerpc.deb Size/MD5: 2932018 5e9388afbb35c561aff87c1ae83a322e http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.2_powerpc.deb Size/MD5: 806852 8d6a9dcacbf8725abf1f0beead19de65 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2_powerpc.deb Size/MD5: 999658 c483c85e3736eccf66f597f2e3deea13 http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-dev_8.0.5-11ubuntu0.1_powerpc.deb Size/MD5: 533942 2b539c0f193b96518588ea1ba35d0cf6 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1_sparc.deb Size/MD5: 1128404 dd01474892069952e4d23b7e46db81c8 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.2_sparc.deb Size/MD5: 680266 2500c749b23b90a590d193f6687f4835 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2_sparc.deb Size/MD5: 2792458 c8c5259f432014f64d0a3f91de2d1125 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.2_sparc.deb Size/MD5: 826916 ba6ab8fd313bd283accfc849e56b7d30 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2_sparc.deb Size/MD5: 979172 0dc20a66a68b6b09227fa607ad9e9864 http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-dev_8.0.5-11ubuntu0.1_sparc.deb Size/MD5: 538652 3d27539675cdf3fbf2a05546321ad736 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1.diff.gz Size/MD5: 28401 56ae8da9e13ba5c50b5383a87e518452 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1.dsc Size/MD5: 1162 9377043998c247fea3cb21cb2e93a49c http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz Size/MD5: 2598030 363a55d31d94e05159e9212074c68004 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1.diff.gz Size/MD5: 11022 fabe1a67b27e694f25b384746589bbb8 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1.dsc Size/MD5: 1277 09200463daf224b1f7ab29b95bb50a3a http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15.orig.tar.gz Size/MD5: 3340313 68777568d818e1980dda4b6b02b92f1a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-doc_8.3.5-6ubuntu3.1_all.deb Size/MD5: 657166 4713b2254c2467e6975c7a2fd2be4346 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-doc_8.4.15-1ubuntu1.1_all.deb Size/MD5: 806328 4e47f9174acbf2dd54a90b52991ec806 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_amd64.deb Size/MD5: 697782 8d9f3c14931017633eef838c86b866e8 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_amd64.deb Size/MD5: 838492 2def3ba9f59eddd2c7a6dd4a4ed504b4 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_amd64.deb Size/MD5: 865754 539d4df4c8f30b21d8d3be213b9e2613 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_amd64.deb Size/MD5: 1036114 b7f8a3d7f278382d4208f69f22c292a1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_i386.deb Size/MD5: 672294 253fbc3e57601da574d4902318104e27 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_i386.deb Size/MD5: 809568 d14ddfa099c9e1d86e51c33ca4297a6b http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_i386.deb Size/MD5: 840150 45ae7d4de5e8307b43da6fed285e0f0f http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_i386.deb Size/MD5: 1002570 0feb06f1239d4dc3a09cecebb818df80 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_lpia.deb Size/MD5: 664762 6b2c167a411b5bc6b51e897dbfc72d44 http://ports.ubuntu.com/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_lpia.deb Size/MD5: 809050 11fc7f117ba6f757a9cc3d4dabde6a61 http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_lpia.deb Size/MD5: 832466 5aadc7ef038e680eeb50ff329578c7e7 http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_lpia.deb Size/MD5: 1002542 93e6840019c82592f4acdce31e7d8832 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_powerpc.deb Size/MD5: 671038 7a7cc41b5cafa1a63d0e7c0c97a2e3e1 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_powerpc.deb Size/MD5: 844566 0fb95d839a8b8ed6244818c6217738fb http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_powerpc.deb Size/MD5: 841154 8405745783c484b3391101a6d238f2c4 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_powerpc.deb Size/MD5: 1042582 27069ff173a63b8c6e5b7755666ca238 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_sparc.deb Size/MD5: 686192 4b6bbb17d26c6f730457f847b6b086ca http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_sparc.deb Size/MD5: 814140 c662b08e362151a5b6168383c2558e6f http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_sparc.deb Size/MD5: 850358 6ef19660783562ad79980d834d22af7e http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_sparc.deb Size/MD5: 1009164 9cf16927296e3566146cab438e5bcf0c Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1.diff.gz Size/MD5: 11255 fddfeb381414ae5ad3f1b666f0a3bbb3 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1.dsc Size/MD5: 1343 2239977514a8b8b5a55a152264f8567b http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16.orig.tar.gz Size/MD5: 3344618 24d18fbebe3bb8853e418431be01bf2c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-doc_8.4.16-2ubuntu1.1_all.deb Size/MD5: 810520 ef5e83ada9997a86ea6c81d53dcc069a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_amd64.deb Size/MD5: 875806 d01319038e80337d979c4f0c1a425cb8 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_amd64.deb Size/MD5: 1041820 2c9caebfc0d4d920b34502f056aa928a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_i386.deb Size/MD5: 843216 d6efa05e7cb077b59c8e4b37dadedde9 http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_i386.deb Size/MD5: 1001132 c7d3727a22902bc4573fd7f685e1f381 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_lpia.deb Size/MD5: 836000 f91f94686955b0b76362206336a96929 http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_lpia.deb Size/MD5: 999502 fdd407d2c354c3b61baffb84550af475 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_powerpc.deb Size/MD5: 852414 119d5a95f72b3e21d7a49b5411be4cfa http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_powerpc.deb Size/MD5: 1043522 d7c78251011f26489c28eb54bfabb699 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_sparc.deb Size/MD5: 841910 d7123dbc22b32711a226e49c95db23dc http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_sparc.deb Size/MD5: 1001600 fe343da05ac4e8e03e81ceb805e04dc2
Attachment:
signature.asc
Description: This is a digitally signed message part