Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in tk
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in tk
ID: MDKSA-2007:200
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1, Mandriva 2008.0
Datum: Fr, 19. Oktober 2007, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
Applikationen: Tcl/Tk

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1192758620-4794-1284


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:200
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tk
 Date    : October 18, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerablity in Tk was found that could be used to overrun a buffer
 when loading certain GIF images.  If a user were tricked into opening
 a specially crafted GIF file, it could lead to a denial of service
 condition or possibly the execution of arbitrary code with the user's
 privileges.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 60f740fa8977a3d6ab49a40b750a3d1b 
 2007.0/i586/libtk8.4-8.4.13-1.1mdv2007.0.i586.rpm
 05990645a727a885dd8fe6608f5dc8b8 
 2007.0/i586/libtk8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
 6a5bcabc72b1395745a3d43c3b915465  2007.0/i586/tk-8.4.13-1.1mdv2007.0.i586.rpm 
 db9748c866c5e06eff04bc21dd6bf459  2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 2df6cd7b62339579d5ae094cb8599b06 
 2007.0/x86_64/lib64tk8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
 fab4f39016d8ee9222547cc720c5769e 
 2007.0/x86_64/lib64tk8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
 7b0c87404cffe6cb73fd731c312e9369 
 2007.0/x86_64/tk-8.4.13-1.1mdv2007.0.x86_64.rpm 
 db9748c866c5e06eff04bc21dd6bf459  2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 e33895b367c8d1982f3269a5c73dc801 
 2007.1/i586/libtk8.4-8.4.14-1.1mdv2007.1.i586.rpm
 7dc650450f7d3d307411935bea210cf8 
 2007.1/i586/libtk8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
 7b97b6cf3fd8032fd3ee3ce4ad7c255f  2007.1/i586/tk-8.4.14-1.1mdv2007.1.i586.rpm 
 c4e8e865f6c1d3e36bb201e2ee2f9ab1  2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 11e5c61b9e2703782c8ce440270a3eaf 
 2007.1/x86_64/lib64tk8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
 27430c69edd74459d4b8be1edb2f4613 
 2007.1/x86_64/lib64tk8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
 118d089330e5a08125f5a2b15a7c2f8a 
 2007.1/x86_64/tk-8.4.14-1.1mdv2007.1.x86_64.rpm 
 c4e8e865f6c1d3e36bb201e2ee2f9ab1  2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 46626982fee7008f9c33437c36de3ce3 
 2008.0/i586/libtk-devel-8.5a6-8.1mdv2008.0.i586.rpm
 f9ee0b9ae377c06319de116ef3b5cd34 
 2008.0/i586/libtk8.5-8.5a6-8.1mdv2008.0.i586.rpm
 c52bd1e8b18c214715e5a83a05d5ce77  2008.0/i586/tk-8.5a6-8.1mdv2008.0.i586.rpm 
 988dbc066b5e5ced3b97edcefd171a8a  2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 02c6ef1b37706392f4fabf98a570c50f 
 2008.0/x86_64/lib64tk-devel-8.5a6-8.1mdv2008.0.x86_64.rpm
 f47bbdadd81cc964898046fde9e3d9f4 
 2008.0/x86_64/lib64tk8.5-8.5a6-8.1mdv2008.0.x86_64.rpm
 d247ad4d59c410442db053159220e16b 
 2008.0/x86_64/tk-8.5a6-8.1mdv2008.0.x86_64.rpm 
 988dbc066b5e5ced3b97edcefd171a8a  2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm

 Corporate 3.0:
 66a845d440a9e2349213fae27271c780 
 corporate/3.0/i586/expect-8.4.5-3.1.C30mdk.i586.rpm
 27bedea45e60fc2da882019c8b31d3a7 
 corporate/3.0/i586/itcl-8.4.5-3.1.C30mdk.i586.rpm
 de54d041b4c3e2543cc3da2f0c657a81 
 corporate/3.0/i586/tcl-8.4.5-3.1.C30mdk.i586.rpm
 36be5f9bac328bf45baeac3cdbdd47ff 
 corporate/3.0/i586/tcllib-8.4.5-3.1.C30mdk.i586.rpm
 406b9d9ddaaf92b60c7baf154ffcf410 
 corporate/3.0/i586/tclx-8.4.5-3.1.C30mdk.i586.rpm
 477a109cb62b37fd8bf41ca1df368aa1 
 corporate/3.0/i586/tix-8.4.5-3.1.C30mdk.i586.rpm
 d893211a561731ad81935ac16210fd73 
 corporate/3.0/i586/tk-8.4.5-3.1.C30mdk.i586.rpm 
 b60191000be9b0abd1c8c9a199aff8c4 
 corporate/3.0/SRPMS/tcltk-8.4.5-3.1.C30mdk.src.rpm

 Corporate 4.0:
 d501589065ada8f8443f118b3e50a86b 
 corporate/4.0/i586/expect-8.4.11-1.1.20060mlcs4.i586.rpm
 3b3dd07ea762151dea7a858ffb40a950 
 corporate/4.0/i586/itcl-8.4.11-1.1.20060mlcs4.i586.rpm
 ce8a6ba003a58318d88d9cf85701d108 
 corporate/4.0/i586/iwidgets-8.4.11-1.1.20060mlcs4.i586.rpm
 fc38d955a50378b5e60a13e56fb72d92 
 corporate/4.0/i586/libtcl8.4-8.4.11-1.1.20060mlcs4.i586.rpm
 5f811fc02c05775092056dcbcce5cdfa 
 corporate/4.0/i586/libtk8.4-8.4.11-1.1.20060mlcs4.i586.rpm
 d556c96e07f5874434cb6de855ad3397 
 corporate/4.0/i586/tcl-8.4.11-1.1.20060mlcs4.i586.rpm
 ec615811cd2d9a30d70e19efcbc3e5d1 
 corporate/4.0/i586/tcllib-8.4.11-1.1.20060mlcs4.i586.rpm
 5fa89f9eedf7bf7c9bfa6b4532c3f745 
 corporate/4.0/i586/tclx-8.4.11-1.1.20060mlcs4.i586.rpm
 50c4cf284aae086ee97c5c88264e380b 
 corporate/4.0/i586/tix-8.4.11-1.1.20060mlcs4.i586.rpm
 9c10c63d3114b15276006bc13ac22135 
 corporate/4.0/i586/tk-8.4.11-1.1.20060mlcs4.i586.rpm 
 01f4fd97200cab45c5e438bc2de16ef3 
 corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 e0046f480e791d86126b47b1e60e070d 
 corporate/4.0/x86_64/expect-8.4.11-1.1.20060mlcs4.x86_64.rpm
 b3e645973c2aa36643fa991a36250c79 
 corporate/4.0/x86_64/itcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
 735a36431c6154be8b02a39adc9b2116 
 corporate/4.0/x86_64/iwidgets-8.4.11-1.1.20060mlcs4.x86_64.rpm
 bd7b3b9a4da0ae6c8f44289ca8287a77 
 corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
 79738e06527efc5988f42fa0dcb47c4b 
 corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
 43e3fa88ab61c2de84627d0fdc73ded0 
 corporate/4.0/x86_64/tcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
 91f8eb2f70ceb0a18dfcea1cb5cba0b9 
 corporate/4.0/x86_64/tcllib-8.4.11-1.1.20060mlcs4.x86_64.rpm
 a229460593913f7057e23e0556a85b77 
 corporate/4.0/x86_64/tclx-8.4.11-1.1.20060mlcs4.x86_64.rpm
 c7247488fcd4de1f54a9427157b8fbeb 
 corporate/4.0/x86_64/tix-8.4.11-1.1.20060mlcs4.x86_64.rpm
 3b30e0802b236a1a60a55c67f9f36746 
 corporate/4.0/x86_64/tk-8.4.11-1.1.20060mlcs4.x86_64.rpm 
 01f4fd97200cab45c5e438bc2de16ef3 
 corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHF6xFmqjQ0CJFipgRAu8bAJ9GtA0FLzMG/dUWCy5dfWWQIfySBwCgy8cj
rAKbfS9luXheK00ZdJGpFNE=
=Dzys
-----END PGP SIGNATURE-----


------------=_1192758620-4794-1284
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1192758620-4794-1284--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung