Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-1490-1:EB424
HistoryFeb 10, 2008 - 8:52 p.m.

[SECURITY] [DSA 1490-1] New tk8.3 packages fix arbitrary code execution

2008-02-1020:52:03
lists.debian.org
11
JSON

Debian Security Advisory DSA-1490-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
February 10, 2008 http://www.debian.org/security/faq

Package : tk8.3
Vulnerability : buffer overflow
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-0553

It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 8.3.5-6etch2.

For the old stable distribution (sarge), this problem has been fixed in
version 8.3.5-4sarge1.

We recommend that you upgrade your tk8.3 packages.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (oldstable)

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1.dsc
Size/MD5 checksum: 619 72ec50a6f7fe598dfdfa5bb6dcce26b8
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1.diff.gz
Size/MD5 checksum: 27487 e8e4be4e42aa8d8aa42737e51bd00efb

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-4sarge1_all.deb
Size/MD5 checksum: 656610 2fdeefaa7fda287e93f03835b81c6b97

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_alpha.deb
Size/MD5 checksum: 800050 9ffdf85836c8c363791fca0fd9695caa
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_alpha.deb
Size/MD5 checksum: 866706 dccdb481171dbda93f1e285ba80928c1

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_amd64.deb
Size/MD5 checksum: 5401662 027185eb7532fa4e9cdd0d50bdaf3d83
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_amd64.deb
Size/MD5 checksum: 678048 b5be308ba38fab05cae38e092d57a889

arm architecture (ARM)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_arm.deb
Size/MD5 checksum: 693912 5399334e960fdcc8bcffe9264f249088
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_arm.deb
Size/MD5 checksum: 5374592 80f52caef92bb04868944996407be7b4

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_hppa.deb
Size/MD5 checksum: 5523864 89387f3788ac2ecc8f1209573e51d462
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_hppa.deb
Size/MD5 checksum: 771440 50776eb1a27f0b64d5a293bc9a3b2578

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_i386.deb
Size/MD5 checksum: 5373152 1acda6edfe3ca9d906e309b7ec1c80df
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_i386.deb
Size/MD5 checksum: 663734 2455bba9b8ff48ff5cac5a95f4c186e6

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_ia64.deb
Size/MD5 checksum: 898866 940ba28f8b0db48406ee4809b9d77f86
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_ia64.deb
Size/MD5 checksum: 5621592 4fb33ae434375d246943d88dd3682c7a

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_m68k.deb
Size/MD5 checksum: 575068 6458f19e912a11ed076486ab61743214
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_m68k.deb
Size/MD5 checksum: 5379682 fc5794b7b0079628fa530298f9476bfb

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_mips.deb
Size/MD5 checksum: 704002 25fbbe38f11333a06bc05d23126df314
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_mips.deb
Size/MD5 checksum: 816286 b3d5de6c3d0825efae3c2589e092aa34

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_mipsel.deb
Size/MD5 checksum: 813022 1423ef69d3d9bd8b701793856cc795cf
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_mipsel.deb
Size/MD5 checksum: 701082 406ae2f59095a43400895e5b40e6ab3c

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_powerpc.deb
Size/MD5 checksum: 7878966 a265e04e508554a1d0bd314cb7d6a908
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_powerpc.deb
Size/MD5 checksum: 677236 6a4d7527fbf5a228c1acde4299ea1f84

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_s390.deb
Size/MD5 checksum: 5561774 e0f0a37236461ae94b933e4a5eb14817
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_s390.deb
Size/MD5 checksum: 674842 6c668ee1265ae78ad5b812e607f5f71d

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_sparc.deb
Size/MD5 checksum: 5426718 20594b4384ea7417cf7a5632f8638bbd
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_sparc.deb
Size/MD5 checksum: 678866 abc4b418f08a7605df0e9eb8cd4c657d

Debian 4.0 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2.dsc
Size/MD5 checksum: 672 4e486153b8faf53782476e22c3880001
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2.diff.gz
Size/MD5 checksum: 28777 54d70c692b5c712098e7a3f3da8a169f
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
Size/MD5 checksum: 2598030 363a55d31d94e05159e9212074c68004

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-6etch2_all.deb
Size/MD5 checksum: 657298 cc62b269ba2ac2bd6eca61774adb75b8

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_alpha.deb
Size/MD5 checksum: 870312 ca7383e0d6ceac65fd9dc59625fb051d
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_alpha.deb
Size/MD5 checksum: 808390 23b7446294b1cb3cf48fc1ad51b4edfe

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_amd64.deb
Size/MD5 checksum: 830910 4769eafe35695248d9e5f86b55a71874
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_amd64.deb
Size/MD5 checksum: 691460 ab8c2af96d4573753de894f5d738d9df

arm architecture (ARM)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_arm.deb
Size/MD5 checksum: 802950 247e4ef8599dff92ce89ffc040a683e9
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_arm.deb
Size/MD5 checksum: 649908 ad723304134fdd974f87f03be98466c4

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_hppa.deb
Size/MD5 checksum: 889136 299f1a1f029ae989000f0618f3f627c2
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_hppa.deb
Size/MD5 checksum: 773516 1d0fa389e6d47a3735d9db10eea5030e

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_i386.deb
Size/MD5 checksum: 805102 94482087953e4efdbd27bd72ae7187af
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_i386.deb
Size/MD5 checksum: 672612 a89666282487cda0bae98a0873fb01d7

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_ia64.deb
Size/MD5 checksum: 1057942 c8a0053f14a1cf36f3dd20124b633e68
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_ia64.deb
Size/MD5 checksum: 959576 b3c0dd20cc601ef00c8f2958f33b57ab

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_mips.deb
Size/MD5 checksum: 728178 f8e3ef984f59b502767e39a16418b512
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_mips.deb
Size/MD5 checksum: 825678 46311b08a5851e68a355217f08068647

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_mipsel.deb
Size/MD5 checksum: 823114 1beec3521b5a071b5d61c7ac0ab400f4
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_mipsel.deb
Size/MD5 checksum: 725968 44abec2145cf4619ee9fdb519d8a817b

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_powerpc.deb
Size/MD5 checksum: 659960 6121101918009e9cfc3400bd00bd1176
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_powerpc.deb
Size/MD5 checksum: 824324 2b4d6681e5736f78fdfdfe0afc9c54cc

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_s390.deb
Size/MD5 checksum: 838398 4cf8eb32d6c4a0e51d42141c4be20f94
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_s390.deb
Size/MD5 checksum: 694042 68ab888f154ccd255b2e3487ee449076

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_sparc.deb
Size/MD5 checksum: 680556 ca6f34ad3f8052f0488fbb27c63f46b7
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_sparc.deb
Size/MD5 checksum: 805330 e9088a3f282d1d34fc60437bbc29579e

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

Related

openvas 56
fedora 6
nessus 33
osv 2
ubuntu 1
debian 2
securityvulns 3
seebug 1
prion 1
centos 4
redhat 3
oraclelinux 3
cve 1
ubuntucve 1
debiancve 1
vmware 2
gentoo 1
openvas
openvas
Fedora Update for tkimg FEDORA-2008-3621
2009-02-17 00:00:00
Fedora Update for perl-Tk FEDORA-2008-1384
2009-02-16 00:00:00
Debian: Security Advisory (DSA-1598-1)
2008-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: tkimg-1.3-0.8.20080505svn.fc7
2008-05-10 13:58:56
[SECURITY] Fedora 7 Update: perl-Tk-804.028-3.fc7
2008-02-07 21:00:06
[SECURITY] Fedora 9 Update: tkimg-1.3-0.10.20080505svn.fc9
2008-05-13 15:27:27
nessus
nessus
SuSE9 Security Update : Tk (YOU Patch Number 12071)
2009-09-24 00:00:00
openSUSE 10 Security Update : tk (tk-4973)
2008-04-11 00:00:00
Debian DSA-1491-1 : tk8.4 - buffer overflow
2008-02-11 00:00:00
osv
osv
tk8.4 - arbitrary code execution
2008-02-10 00:00:00
tk8.3 - arbitrary code execution
2008-02-10 00:00:00
ubuntu
ubuntu
Tk vulnerability
2008-11-06 00:00:00
debian
debian
[SECURITY] [DSA 1598-1] New libtk-img packages fix arbitrary code execution
2008-06-19 21:12:53
[SECURITY] [DSA 1491-1] New tk8.4 packages fix arbitrary code execution
2008-02-10 20:56:24
securityvulns
securityvulns
Tk library buffer overflow
2008-02-10 00:00:00
[ MDVSA-2008:041 ] - Updated tk packages fix buffer overflow vulnerability
2008-02-10 00:00:00
VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
2008-06-05 00:00:00
seebug
seebug
TCL/TK Tk工具包ReadImage()函数GIF文件解析栈溢出漏洞
2008-06-25 00:00:00
prion
prion
Stack overflow
2008-02-07 21:00:00
centos
centos
tk security update
2008-02-23 11:54:01
tk security update
2008-02-22 15:57:50
expect, expectk, itcl, tcl, tcllib, tclx, tix, tk security update
2008-02-22 15:25:04
redhat
redhat
(RHSA-2008:0136) Moderate: tk security update
2008-02-21 00:00:00
(RHSA-2008:0135) Moderate: tk security update
2008-02-21 00:00:00
(RHSA-2008:0134) Moderate: tcltk security update
2008-02-21 00:00:00
oraclelinux
oraclelinux
Moderate: tk security update
2008-02-22 00:00:00
Moderate: tk security update
2008-02-21 00:00:00
Moderate: tcltk security update
2008-02-22 00:00:00
cve
cve
CVE-2008-0553
2008-02-07 21:00:00
ubuntucve
ubuntucve
CVE-2008-0553
2008-02-07 00:00:00
debiancve
debiancve
CVE-2008-0553
2008-02-07 21:00:00
vmware
vmware
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
2008-06-04 00:00:00
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
2008-06-04 00:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2010
2014-12-11 00:00:00
JSON
Related for DEBIAN:DSA-1490-1:EB424
openvas56fedora6nessus33osv2ubuntu1debian2securityvulns3seebug1prion1centos4redhat3oraclelinux3cve1ubuntucve1debiancve1vmware2gentoo1