Debian: New libtk-img packages fix arbitrary code execution

    Date: 19 Jun 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1598-1
    http://www.debian.org/security/                          Thijs Kinkhorst
    June 19, 2008                         http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : libtk-img
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-0553
    
    It was discovered that a buffer overflow in the GIF image parsing code
    of Tk, a cross-platform graphical toolkit, could lead to denial of
    service and potentially the execution of arbitrary code.
    
    For the stable distribution (etch), this problem has been fixed in version
    1:1.3-15etch2.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1:1.3-release-7.
    
    We recommend that you upgrade your libtk-img package.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2.dsc
        Size/MD5 checksum:      955 899003c10c63f4045b6df8ef32d3fafe
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3.orig.tar.gz
        Size/MD5 checksum:  3918119 ee19a7fdaaa64e9d85eeecd3b78bce8f
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2.diff.gz
        Size/MD5 checksum:   242795 deb7118d93d3657201e4892c0e62e1d2
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_amd64.deb
        Size/MD5 checksum:   461706 7394a577a99522bdabcf6016dcc05de7
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_arm.deb
        Size/MD5 checksum:   435110 96a6c430a51de8914023256029ebac06
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_hppa.deb
        Size/MD5 checksum:   488468 78173de530e68252090369658db6dab7
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_i386.deb
        Size/MD5 checksum:   431784 902eaac4fba63bccf7be864ff1242aa0
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_ia64.deb
        Size/MD5 checksum:   601570 4c004fd7d945b8f3e4591b5bf27ce0a8
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_mips.deb
        Size/MD5 checksum:   445292 33639ca7ed46125b98e503c2b82e34e8
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_mipsel.deb
        Size/MD5 checksum:   440938 20d279c06711eb509f42d48ac697ba9f
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_powerpc.deb
        Size/MD5 checksum:   452162 8e87166cc45ccbf4c0a38ee36993f472
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_s390.deb
        Size/MD5 checksum:   457402 2857259815207722d226c8fd90e78923
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_sparc.deb
        Size/MD5 checksum:   421954 686340dad232ce09f661569e37387b4d
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main