Ubuntu: Tk vulnerability

    Date: 11 Oct 2007
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.
    =========================================================== 
    Ubuntu Security Notice USN-529-1           October 11, 2007
    tk8.3, tk8.4 vulnerability
    CVE-2007-5137
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 6.10
    Ubuntu 7.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      tk8.3                           8.3.5-4ubuntu1.1
      tk8.4                           8.4.12-0ubuntu1.1
    
    Ubuntu 6.10:
      tk8.3                           8.3.5-6ubuntu1.1
      tk8.4                           8.4.12-1ubuntu0.1
    
    Ubuntu 7.04:
      tk8.3                           8.3.5-6ubuntu2.1
      tk8.4                           8.4.14-0ubuntu2.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    It was discovered that Tk could be made to overrun a buffer when loading
    certain images. If a user were tricked into opening a specially crafted
    GIF image, remote attackers could cause a denial of service or execute
    arbitrary code with user privileges.
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
    
    Updated packages for Ubuntu 6.10:
    
    
    Updated packages for Ubuntu 7.04:
    
    
    
    