Login
Newsletter
Werbung
Sicherheit: Pufferüberlauf in tk
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in tk
ID: MDVSA-2008:041
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1, Mandriva 2008.0
Datum: Fr, 8. Februar 2008, 03:56
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
Applikationen: Tcl/Tk

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1202439398-4794-9833


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:041
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tk
 Date    : February 7, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The ReadImage() function in Tk did not check codeSize read from GIF
 images prior to initializing the append array, which could lead to
 a buffer overflow with unknown impact.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 313a17f5bd97cfa3585e4c081980a277 
 2007.0/i586/libtk8.4-8.4.13-1.2mdv2007.0.i586.rpm
 0f3e50eb6d0ad4171466a77563647f06 
 2007.0/i586/libtk8.4-devel-8.4.13-1.2mdv2007.0.i586.rpm
 4343ad52dcaaa9c2b3a721203c55e55a  2007.0/i586/tk-8.4.13-1.2mdv2007.0.i586.rpm 
 00af2123b29298539e37a1b24d832774  2007.0/SRPMS/tk-8.4.13-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9c7d84dbf13a2595d97ddd4f2909d739 
 2007.0/x86_64/lib64tk8.4-8.4.13-1.2mdv2007.0.x86_64.rpm
 83703461ccd52243d299dd0a00611019 
 2007.0/x86_64/lib64tk8.4-devel-8.4.13-1.2mdv2007.0.x86_64.rpm
 16be00250d31baa14b8daaef1050a849 
 2007.0/x86_64/tk-8.4.13-1.2mdv2007.0.x86_64.rpm 
 00af2123b29298539e37a1b24d832774  2007.0/SRPMS/tk-8.4.13-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 59fc6defd594590a401cd16796769921 
 2007.1/i586/libtk8.4-8.4.14-1.2mdv2007.1.i586.rpm
 d0a31e7f5bb7f15b981c91ad8cea16ed 
 2007.1/i586/libtk8.4-devel-8.4.14-1.2mdv2007.1.i586.rpm
 0fd5d28dc25ff74443b1a1aa9c9f0f51  2007.1/i586/tk-8.4.14-1.2mdv2007.1.i586.rpm 
 a84a7d5dec8ce5863e6a9b95f947522c  2007.1/SRPMS/tk-8.4.14-1.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 38bc8310c8500041edaa37c96947c2ad 
 2007.1/x86_64/lib64tk8.4-8.4.14-1.2mdv2007.1.x86_64.rpm
 aa08bf6f098a79dc2c788f646891cc9c 
 2007.1/x86_64/lib64tk8.4-devel-8.4.14-1.2mdv2007.1.x86_64.rpm
 110f8dfe0cabf73be25c5199c6a6573a 
 2007.1/x86_64/tk-8.4.14-1.2mdv2007.1.x86_64.rpm 
 a84a7d5dec8ce5863e6a9b95f947522c  2007.1/SRPMS/tk-8.4.14-1.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 e508b67d8677e460b82fef4ca62cad11 
 2008.0/i586/libtk-devel-8.5a6-8.2mdv2008.0.i586.rpm
 35fce37958832c7edbf4e8f2d63c9a72 
 2008.0/i586/libtk8.5-8.5a6-8.2mdv2008.0.i586.rpm
 c6a98c234a266e8f598261fd083efb66  2008.0/i586/tk-8.5a6-8.2mdv2008.0.i586.rpm 
 5bf712675013ea0217a40b88b250eec6  2008.0/SRPMS/tk-8.5a6-8.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 8600972bc80fe3d7dd4c38996fd3ebaf 
 2008.0/x86_64/lib64tk-devel-8.5a6-8.2mdv2008.0.x86_64.rpm
 afc55de6e27641bb41ddeff756f5fd7e 
 2008.0/x86_64/lib64tk8.5-8.5a6-8.2mdv2008.0.x86_64.rpm
 ea6772c14e7ff43edf66c8b11cdb9220 
 2008.0/x86_64/tk-8.5a6-8.2mdv2008.0.x86_64.rpm 
 5bf712675013ea0217a40b88b250eec6  2008.0/SRPMS/tk-8.5a6-8.2mdv2008.0.src.rpm

 Corporate 3.0:
 3b1d115b2af8da6031f9516258ff6189 
 corporate/3.0/i586/expect-8.4.5-3.2.C30mdk.i586.rpm
 e7f0b7e434eeb9c0e610b9243a7a77f2 
 corporate/3.0/i586/itcl-8.4.5-3.2.C30mdk.i586.rpm
 8994456be1907adba99f888605eeb9b0 
 corporate/3.0/i586/tcl-8.4.5-3.2.C30mdk.i586.rpm
 559e5c236040dd10c97d68029471a2db 
 corporate/3.0/i586/tcllib-8.4.5-3.2.C30mdk.i586.rpm
 806fee7439ca70c4c3a07b452e235b6e 
 corporate/3.0/i586/tclx-8.4.5-3.2.C30mdk.i586.rpm
 b43dfda12ad3b87ba08d2fe251f9b789 
 corporate/3.0/i586/tix-8.4.5-3.2.C30mdk.i586.rpm
 c0def25f6136448cec4b5f76c9ef7768 
 corporate/3.0/i586/tk-8.4.5-3.2.C30mdk.i586.rpm 
 77bfafd2bc669a44229c98235d9d7ddf 
 corporate/3.0/SRPMS/tcltk-8.4.5-3.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 087fb2465422f9a986058ea7ef94805f 
 corporate/3.0/x86_64/expect-8.4.5-3.2.C30mdk.x86_64.rpm
 da7a9ad6f31bf88c450d1a420622eecb 
 corporate/3.0/x86_64/itcl-8.4.5-3.2.C30mdk.x86_64.rpm
 86e4f3730cb0df460e4046e145e6f23d 
 corporate/3.0/x86_64/tcl-8.4.5-3.2.C30mdk.x86_64.rpm
 a11c191d79f26ee41f0b3409e7ff9f45 
 corporate/3.0/x86_64/tcllib-8.4.5-3.2.C30mdk.x86_64.rpm
 c7aacd94b3ffcf5d08b0f849ff11c2fd 
 corporate/3.0/x86_64/tclx-8.4.5-3.2.C30mdk.x86_64.rpm
 b8d04ce8ef73561878c872ecf648cccc 
 corporate/3.0/x86_64/tix-8.4.5-3.2.C30mdk.x86_64.rpm
 422837916e450af91a6138cc1b9d293a 
 corporate/3.0/x86_64/tk-8.4.5-3.2.C30mdk.x86_64.rpm 
 77bfafd2bc669a44229c98235d9d7ddf 
 corporate/3.0/SRPMS/tcltk-8.4.5-3.2.C30mdk.src.rpm

 Corporate 4.0:
 0a8ab7cee460cd844fc36ffae18f22cf 
 corporate/4.0/i586/expect-8.4.11-1.2.20060mlcs4.i586.rpm
 d8e97408f980801d3033771bddd3654c 
 corporate/4.0/i586/itcl-8.4.11-1.2.20060mlcs4.i586.rpm
 b1a73ccba0f46a7368752f61037d55d4 
 corporate/4.0/i586/iwidgets-8.4.11-1.2.20060mlcs4.i586.rpm
 dbe4336575a216ab49ba2896707d1a42 
 corporate/4.0/i586/libtcl8.4-8.4.11-1.2.20060mlcs4.i586.rpm
 8eca04215b8688949d00428075bb7e6c 
 corporate/4.0/i586/libtk8.4-8.4.11-1.2.20060mlcs4.i586.rpm
 a1eaa7f756cdc305b4289eb048f4c27d 
 corporate/4.0/i586/tcl-8.4.11-1.2.20060mlcs4.i586.rpm
 3efda5e311c63186d677849a53f29588 
 corporate/4.0/i586/tcllib-8.4.11-1.2.20060mlcs4.i586.rpm
 c6caf3a8451c039d18233e7d0d75ba55 
 corporate/4.0/i586/tclx-8.4.11-1.2.20060mlcs4.i586.rpm
 8c81d484a98a63edd8aa61db49e328c4 
 corporate/4.0/i586/tix-8.4.11-1.2.20060mlcs4.i586.rpm
 0fbe1014bcc0e336c99df4ac6c15cede 
 corporate/4.0/i586/tk-8.4.11-1.2.20060mlcs4.i586.rpm 
 04aeb45e0af9e354bbeb50cf710e92c8 
 corporate/4.0/SRPMS/tcltk-8.4.11-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 a85bcacdbba4e5935d9d0fd362cfe26c 
 corporate/4.0/x86_64/expect-8.4.11-1.2.20060mlcs4.x86_64.rpm
 853c81ee4ed5ca0d9356b42debdb78a1 
 corporate/4.0/x86_64/itcl-8.4.11-1.2.20060mlcs4.x86_64.rpm
 4b4e2c34bf7238d2f7d13d558af39c90 
 corporate/4.0/x86_64/iwidgets-8.4.11-1.2.20060mlcs4.x86_64.rpm
 e7578950e94fb19ffcf498c0f94d8923 
 corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.2.20060mlcs4.x86_64.rpm
 15325efd404bf8360a68ff0a9f53d3b7 
 corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.2.20060mlcs4.x86_64.rpm
 32db571f68c7dfd66ff1424a65ad2f8d 
 corporate/4.0/x86_64/tcl-8.4.11-1.2.20060mlcs4.x86_64.rpm
 7c93dc23da99af0ccc94ef1f87f2ab19 
 corporate/4.0/x86_64/tcllib-8.4.11-1.2.20060mlcs4.x86_64.rpm
 85c10ab5dc0e50081897e1798312bb09 
 corporate/4.0/x86_64/tclx-8.4.11-1.2.20060mlcs4.x86_64.rpm
 83aed2c99f3d77578ff2826dd1ce4926 
 corporate/4.0/x86_64/tix-8.4.11-1.2.20060mlcs4.x86_64.rpm
 91b1e013f3c8a927cafb96577cc786cc 
 corporate/4.0/x86_64/tk-8.4.11-1.2.20060mlcs4.x86_64.rpm 
 04aeb45e0af9e354bbeb50cf710e92c8 
 corporate/4.0/SRPMS/tcltk-8.4.11-1.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHq5fwmqjQ0CJFipgRAly0AJ98YDdkbbD+7OBhPYgKhS5azqYUDQCgrrzp
UFhVL66nqTVSEHh+sdLg+54=
=LsSO
-----END PGP SIGNATURE-----


------------=_1202439398-4794-9833
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1202439398-4794-9833--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung