MDKSA-2007:200

Nom du paquet

tk

Date

2007-10-18

Advisory ID

MDKSA-2007:200

Affected versions

CS4.0 x86_64 , 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS3.0 i586 , 2008.0 i586 , 2007.1 x86_64

Problem description

A vulnerablity in Tk was found that could be used to overrun a buffer
when loading certain GIF images. If a user were tricked into opening
a specially crafted GIF file, it could lead to a denial of service
condition or possibly the execution of arbitrary code with the user's
privileges.

Updated packages have been patched to prevent this issue.

Updated packages

CS4.0 x86_64

 e0046f480e791d86126b47b1e60e070d  corporate/4.0/x86_64/expect-8.4.11-1.1.20060mlcs4.x86_64.rpm
 b3e645973c2aa36643fa991a36250c79  corporate/4.0/x86_64/itcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
 735a36431c6154be8b02a39adc9b2116  corporate/4.0/x86_64/iwidgets-8.4.11-1.1.20060mlcs4.x86_64.rpm
 bd7b3b9a4da0ae6c8f44289ca8287a77  corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
 79738e06527efc5988f42fa0dcb47c4b  corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
 43e3fa88ab61c2de84627d0fdc73ded0  corporate/4.0/x86_64/tcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
 91f8eb2f70ceb0a18dfcea1cb5cba0b9  corporate/4.0/x86_64/tcllib-8.4.11-1.1.20060mlcs4.x86_64.rpm
 a229460593913f7057e23e0556a85b77  corporate/4.0/x86_64/tclx-8.4.11-1.1.20060mlcs4.x86_64.rpm
 c7247488fcd4de1f54a9427157b8fbeb  corporate/4.0/x86_64/tix-8.4.11-1.1.20060mlcs4.x86_64.rpm
 3b30e0802b236a1a60a55c67f9f36746  corporate/4.0/x86_64/tk-8.4.11-1.1.20060mlcs4.x86_64.rpm 
 01f4fd97200cab45c5e438bc2de16ef3  corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm

2007.0 x86_64

 2df6cd7b62339579d5ae094cb8599b06  2007.0/x86_64/lib64tk8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
 fab4f39016d8ee9222547cc720c5769e  2007.0/x86_64/lib64tk8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
 7b0c87404cffe6cb73fd731c312e9369  2007.0/x86_64/tk-8.4.13-1.1mdv2007.0.x86_64.rpm 
 db9748c866c5e06eff04bc21dd6bf459  2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm

2007.1 i586

 e33895b367c8d1982f3269a5c73dc801  2007.1/i586/libtk8.4-8.4.14-1.1mdv2007.1.i586.rpm
 7dc650450f7d3d307411935bea210cf8  2007.1/i586/libtk8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
 7b97b6cf3fd8032fd3ee3ce4ad7c255f  2007.1/i586/tk-8.4.14-1.1mdv2007.1.i586.rpm 
 c4e8e865f6c1d3e36bb201e2ee2f9ab1  2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm

2007.0 i586

 60f740fa8977a3d6ab49a40b750a3d1b  2007.0/i586/libtk8.4-8.4.13-1.1mdv2007.0.i586.rpm
 05990645a727a885dd8fe6608f5dc8b8  2007.0/i586/libtk8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
 6a5bcabc72b1395745a3d43c3b915465  2007.0/i586/tk-8.4.13-1.1mdv2007.0.i586.rpm 
 db9748c866c5e06eff04bc21dd6bf459  2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm

CS4.0 i586

 d501589065ada8f8443f118b3e50a86b  corporate/4.0/i586/expect-8.4.11-1.1.20060mlcs4.i586.rpm
 3b3dd07ea762151dea7a858ffb40a950  corporate/4.0/i586/itcl-8.4.11-1.1.20060mlcs4.i586.rpm
 ce8a6ba003a58318d88d9cf85701d108  corporate/4.0/i586/iwidgets-8.4.11-1.1.20060mlcs4.i586.rpm
 fc38d955a50378b5e60a13e56fb72d92  corporate/4.0/i586/libtcl8.4-8.4.11-1.1.20060mlcs4.i586.rpm
 5f811fc02c05775092056dcbcce5cdfa  corporate/4.0/i586/libtk8.4-8.4.11-1.1.20060mlcs4.i586.rpm
 d556c96e07f5874434cb6de855ad3397  corporate/4.0/i586/tcl-8.4.11-1.1.20060mlcs4.i586.rpm
 ec615811cd2d9a30d70e19efcbc3e5d1  corporate/4.0/i586/tcllib-8.4.11-1.1.20060mlcs4.i586.rpm
 5fa89f9eedf7bf7c9bfa6b4532c3f745  corporate/4.0/i586/tclx-8.4.11-1.1.20060mlcs4.i586.rpm
 50c4cf284aae086ee97c5c88264e380b  corporate/4.0/i586/tix-8.4.11-1.1.20060mlcs4.i586.rpm
 9c10c63d3114b15276006bc13ac22135  corporate/4.0/i586/tk-8.4.11-1.1.20060mlcs4.i586.rpm 
 01f4fd97200cab45c5e438bc2de16ef3  corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm

2008.0 x86_64

 02c6ef1b37706392f4fabf98a570c50f  2008.0/x86_64/lib64tk-devel-8.5a6-8.1mdv2008.0.x86_64.rpm
 f47bbdadd81cc964898046fde9e3d9f4  2008.0/x86_64/lib64tk8.5-8.5a6-8.1mdv2008.0.x86_64.rpm
 d247ad4d59c410442db053159220e16b  2008.0/x86_64/tk-8.5a6-8.1mdv2008.0.x86_64.rpm 
 988dbc066b5e5ced3b97edcefd171a8a  2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm

CS3.0 i586

 66a845d440a9e2349213fae27271c780  corporate/3.0/i586/expect-8.4.5-3.1.C30mdk.i586.rpm
 27bedea45e60fc2da882019c8b31d3a7  corporate/3.0/i586/itcl-8.4.5-3.1.C30mdk.i586.rpm
 de54d041b4c3e2543cc3da2f0c657a81  corporate/3.0/i586/tcl-8.4.5-3.1.C30mdk.i586.rpm
 36be5f9bac328bf45baeac3cdbdd47ff  corporate/3.0/i586/tcllib-8.4.5-3.1.C30mdk.i586.rpm
 406b9d9ddaaf92b60c7baf154ffcf410  corporate/3.0/i586/tclx-8.4.5-3.1.C30mdk.i586.rpm
 477a109cb62b37fd8bf41ca1df368aa1  corporate/3.0/i586/tix-8.4.5-3.1.C30mdk.i586.rpm
 d893211a561731ad81935ac16210fd73  corporate/3.0/i586/tk-8.4.5-3.1.C30mdk.i586.rpm 
 b60191000be9b0abd1c8c9a199aff8c4  corporate/3.0/SRPMS/tcltk-8.4.5-3.1.C30mdk.src.rpm

2008.0 i586

 46626982fee7008f9c33437c36de3ce3  2008.0/i586/libtk-devel-8.5a6-8.1mdv2008.0.i586.rpm
 f9ee0b9ae377c06319de116ef3b5cd34  2008.0/i586/libtk8.5-8.5a6-8.1mdv2008.0.i586.rpm
 c52bd1e8b18c214715e5a83a05d5ce77  2008.0/i586/tk-8.5a6-8.1mdv2008.0.i586.rpm 
 988dbc066b5e5ced3b97edcefd171a8a  2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm

2007.1 x86_64

 11e5c61b9e2703782c8ce440270a3eaf  2007.1/x86_64/lib64tk8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
 27430c69edd74459d4b8be1edb2f4613  2007.1/x86_64/lib64tk8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
 118d089330e5a08125f5a2b15a7c2f8a  2007.1/x86_64/tk-8.4.14-1.1mdv2007.1.x86_64.rpm 
 c4e8e865f6c1d3e36bb201e2ee2f9ab1  2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378