
Fedora: FEDORA-2007-2564 Critical: Tcl/Tk Buffer Overflow Execution

October 17, 2007
A severe vulnerability in Tcl/Tk could allow attackers to execute arbitrary code through specially crafted GIF images.

Summary

When paired with the Tcl scripting language, Tk provides a fast and powerful way to create cross-platform GUI applications.

Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) before 8.4.16 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first.
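
A triage check built from the advisory's wording, added here as an example and not taken from Tcl/Tk or the Fedora update: it walks a GIF's block structure and flags files that are multi-frame, interlaced, and have a later frame smaller than the first. The function names and sample files are constructed for illustration, and the heuristic mirrors the description above rather than the fix in generic/tkImgGIF.c.

```python
import struct
def skip_sub_blocks(data, pos):
    """Skip a chain of data sub-blocks; return the offset after the 0x00 terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_frames(data):
    """Return [(width, height, interlaced)] for each image descriptor in a GIF."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    try:
        pos = 13                                  # header + logical screen descriptor
        if data[10] & 0x80:                       # global colour table present
            pos += 3 * (2 << (data[10] & 7))
        frames = []
        while data[pos] != 0x3B:                  # 0x3B = trailer
            block, pos = data[pos], pos + 1
            if block == 0x21:                     # extension: label byte, then sub-blocks
                pos = skip_sub_blocks(data, pos + 1)
            elif block == 0x2C:                   # image descriptor
                _, _, w, h, flags = struct.unpack_from("<HHHHB", data, pos)
                pos += 9
                if flags & 0x80:                  # local colour table present
                    pos += 3 * (2 << (flags & 7))
                pos = skip_sub_blocks(data, pos + 1)   # +1 skips the LZW code-size byte
                frames.append((w, h, bool(flags & 0x40)))
            else:
                raise ValueError(f"unknown block 0x{block:02x} at offset {pos - 1}")
        return frames
    except (IndexError, struct.error):
        raise ValueError("truncated or malformed GIF") from None

def matches_advisory_pattern(data):
    """Heuristic: multi-frame, interlaced, and a later frame smaller than the first."""
    frames = gif_frames(data)
    first_w, first_h, _ = frames[0] if frames else (0, 0, False)
    interlaced = any(il for _, _, il in frames)
    shrinks = any(w < first_w or h < first_h for w, h, _ in frames[1:])
    return len(frames) > 1 and interlaced and shrinks

# Constructed samples: valid container structure, placeholder pixel data.
def make_gif(*frames):
    body = b"".join(
        b"\x2c" + struct.pack("<HHHHB", 0, 0, w, h, 0x40 if il else 0) + b"\x02\x01\x00\x00"
        for w, h, il in frames)
    return b"GIF89a" + struct.pack("<HHBBB", 8, 8, 0, 0, 0) + body + b"\x3b"
SAMPLE_FLAGGED = make_gif((8, 8, True), (4, 4, True))
SAMPLE_CLEAN = make_gif((8, 8, True), (8, 8, True))
```

A match means the file has the shape the advisory describes, not that it is malicious: animated GIFs legitimately use smaller later frames, so treat hits as a reason to confirm the software opening them carries the fixed tk package.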

* Mon Oct 15 2007 Marcela Maslanova - 1:8.4.13-6

- CVE-2007-5137 gif buffer overflow

[1] CVE-2007-5137


This update can be installed with the "yum" update program. Use

su -c 'yum update tk'

at the command line. For more information, refer to "Managing Software with yum", available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/


Severity: critical

Product: Fedora 7
Version: 8.4.13
Release: 6.fc7
URL:
Summary: The graphical toolkit for the Tcl scripting language
