exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.200

Mandriva Linux Security Advisory 2007.200
Posted Oct 18, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerablity in Tk was found that could be used to overrun a buffer when loading certain GIF images. If a user were tricked into opening a specially crafted GIF file, it could lead to a denial of service condition or possibly the execution of arbitrary code with the user's privileges.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-5137, CVE-2007-5378
SHA-256 | fdee7478c7e7ee753aa4ed1d1053cb7018c3e5bd69240cd8459309b0d7473b47
Download | Favorite | View

Mandriva Linux Security Advisory 2007.200

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:200
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tk
 Date    : October 18, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerablity in Tk was found that could be used to overrun a buffer
 when loading certain GIF images.  If a user were tricked into opening
 a specially crafted GIF file, it could lead to a denial of service
 condition or possibly the execution of arbitrary code with the user's
 privileges.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 60f740fa8977a3d6ab49a40b750a3d1b  2007.0/i586/libtk8.4-8.4.13-1.1mdv2007.0.i586.rpm
 05990645a727a885dd8fe6608f5dc8b8  2007.0/i586/libtk8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
 6a5bcabc72b1395745a3d43c3b915465  2007.0/i586/tk-8.4.13-1.1mdv2007.0.i586.rpm 
 db9748c866c5e06eff04bc21dd6bf459  2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 2df6cd7b62339579d5ae094cb8599b06  2007.0/x86_64/lib64tk8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
 fab4f39016d8ee9222547cc720c5769e  2007.0/x86_64/lib64tk8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
 7b0c87404cffe6cb73fd731c312e9369  2007.0/x86_64/tk-8.4.13-1.1mdv2007.0.x86_64.rpm 
 db9748c866c5e06eff04bc21dd6bf459  2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 e33895b367c8d1982f3269a5c73dc801  2007.1/i586/libtk8.4-8.4.14-1.1mdv2007.1.i586.rpm
 7dc650450f7d3d307411935bea210cf8  2007.1/i586/libtk8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
 7b97b6cf3fd8032fd3ee3ce4ad7c255f  2007.1/i586/tk-8.4.14-1.1mdv2007.1.i586.rpm 
 c4e8e865f6c1d3e36bb201e2ee2f9ab1  2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 11e5c61b9e2703782c8ce440270a3eaf  2007.1/x86_64/lib64tk8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
 27430c69edd74459d4b8be1edb2f4613  2007.1/x86_64/lib64tk8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
 118d089330e5a08125f5a2b15a7c2f8a  2007.1/x86_64/tk-8.4.14-1.1mdv2007.1.x86_64.rpm 
 c4e8e865f6c1d3e36bb201e2ee2f9ab1  2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 46626982fee7008f9c33437c36de3ce3  2008.0/i586/libtk-devel-8.5a6-8.1mdv2008.0.i586.rpm
 f9ee0b9ae377c06319de116ef3b5cd34  2008.0/i586/libtk8.5-8.5a6-8.1mdv2008.0.i586.rpm
 c52bd1e8b18c214715e5a83a05d5ce77  2008.0/i586/tk-8.5a6-8.1mdv2008.0.i586.rpm 
 988dbc066b5e5ced3b97edcefd171a8a  2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 02c6ef1b37706392f4fabf98a570c50f  2008.0/x86_64/lib64tk-devel-8.5a6-8.1mdv2008.0.x86_64.rpm
 f47bbdadd81cc964898046fde9e3d9f4  2008.0/x86_64/lib64tk8.5-8.5a6-8.1mdv2008.0.x86_64.rpm
 d247ad4d59c410442db053159220e16b  2008.0/x86_64/tk-8.5a6-8.1mdv2008.0.x86_64.rpm 
 988dbc066b5e5ced3b97edcefd171a8a  2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm

 Corporate 3.0:
 66a845d440a9e2349213fae27271c780  corporate/3.0/i586/expect-8.4.5-3.1.C30mdk.i586.rpm
 27bedea45e60fc2da882019c8b31d3a7  corporate/3.0/i586/itcl-8.4.5-3.1.C30mdk.i586.rpm
 de54d041b4c3e2543cc3da2f0c657a81  corporate/3.0/i586/tcl-8.4.5-3.1.C30mdk.i586.rpm
 36be5f9bac328bf45baeac3cdbdd47ff  corporate/3.0/i586/tcllib-8.4.5-3.1.C30mdk.i586.rpm
 406b9d9ddaaf92b60c7baf154ffcf410  corporate/3.0/i586/tclx-8.4.5-3.1.C30mdk.i586.rpm
 477a109cb62b37fd8bf41ca1df368aa1  corporate/3.0/i586/tix-8.4.5-3.1.C30mdk.i586.rpm
 d893211a561731ad81935ac16210fd73  corporate/3.0/i586/tk-8.4.5-3.1.C30mdk.i586.rpm 
 b60191000be9b0abd1c8c9a199aff8c4  corporate/3.0/SRPMS/tcltk-8.4.5-3.1.C30mdk.src.rpm

 Corporate 4.0:
 d501589065ada8f8443f118b3e50a86b  corporate/4.0/i586/expect-8.4.11-1.1.20060mlcs4.i586.rpm
 3b3dd07ea762151dea7a858ffb40a950  corporate/4.0/i586/itcl-8.4.11-1.1.20060mlcs4.i586.rpm
 ce8a6ba003a58318d88d9cf85701d108  corporate/4.0/i586/iwidgets-8.4.11-1.1.20060mlcs4.i586.rpm
 fc38d955a50378b5e60a13e56fb72d92  corporate/4.0/i586/libtcl8.4-8.4.11-1.1.20060mlcs4.i586.rpm
 5f811fc02c05775092056dcbcce5cdfa  corporate/4.0/i586/libtk8.4-8.4.11-1.1.20060mlcs4.i586.rpm
 d556c96e07f5874434cb6de855ad3397  corporate/4.0/i586/tcl-8.4.11-1.1.20060mlcs4.i586.rpm
 ec615811cd2d9a30d70e19efcbc3e5d1  corporate/4.0/i586/tcllib-8.4.11-1.1.20060mlcs4.i586.rpm
 5fa89f9eedf7bf7c9bfa6b4532c3f745  corporate/4.0/i586/tclx-8.4.11-1.1.20060mlcs4.i586.rpm
 50c4cf284aae086ee97c5c88264e380b  corporate/4.0/i586/tix-8.4.11-1.1.20060mlcs4.i586.rpm
 9c10c63d3114b15276006bc13ac22135  corporate/4.0/i586/tk-8.4.11-1.1.20060mlcs4.i586.rpm 
 01f4fd97200cab45c5e438bc2de16ef3  corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 e0046f480e791d86126b47b1e60e070d  corporate/4.0/x86_64/expect-8.4.11-1.1.20060mlcs4.x86_64.rpm
 b3e645973c2aa36643fa991a36250c79  corporate/4.0/x86_64/itcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
 735a36431c6154be8b02a39adc9b2116  corporate/4.0/x86_64/iwidgets-8.4.11-1.1.20060mlcs4.x86_64.rpm
 bd7b3b9a4da0ae6c8f44289ca8287a77  corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
 79738e06527efc5988f42fa0dcb47c4b  corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
 43e3fa88ab61c2de84627d0fdc73ded0  corporate/4.0/x86_64/tcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
 91f8eb2f70ceb0a18dfcea1cb5cba0b9  corporate/4.0/x86_64/tcllib-8.4.11-1.1.20060mlcs4.x86_64.rpm
 a229460593913f7057e23e0556a85b77  corporate/4.0/x86_64/tclx-8.4.11-1.1.20060mlcs4.x86_64.rpm
 c7247488fcd4de1f54a9427157b8fbeb  corporate/4.0/x86_64/tix-8.4.11-1.1.20060mlcs4.x86_64.rpm
 3b30e0802b236a1a60a55c67f9f36746  corporate/4.0/x86_64/tk-8.4.11-1.1.20060mlcs4.x86_64.rpm 
 01f4fd97200cab45c5e438bc2de16ef3  corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHF6xFmqjQ0CJFipgRAu8bAJ9GtA0FLzMG/dUWCy5dfWWQIfySBwCgy8cj
rAKbfS9luXheK00ZdJGpFNE=
=Dzys
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close