Message-id: <E1IidS0-0000sg-IL@artemis.annvix.ca>
Date: Thu, 18 Oct 2007 16:02:44 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:200 ] - Updated tk packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:200
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tk
 Date    : October 18, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in Tk was found that could be used to overrun a buffer
 when loading certain GIF images.  If a user were tricked into opening
 a specially crafted GIF file, it could lead to a denial of service
 condition or possibly the execution of arbitrary code with the user's
 privileges.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 60f740fa8977a3d6ab49a40b750a3d1b  2007.0/i586/libtk8.4-8.4.13-1.1mdv2007.0.i586.rpm
 05990645a727a885dd8fe6608f5dc8b8  2007.0/i586/libtk8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
 6a5bcabc72b1395745a3d43c3b915465  2007.0/i586/tk-8.4.13-1.1mdv2007.0.i586.rpm 
 db9748c866c5e06eff04bc21dd6bf459  2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 2df6cd7b62339579d5ae094cb8599b06  2007.0/x86_64/lib64tk8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
 fab4f39016d8ee9222547cc720c5769e  2007.0/x86_64/lib64tk8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
 7b0c87404cffe6cb73fd731c312e9369  2007.0/x86_64/tk-8.4.13-1.1mdv2007.0.x86_64.rpm 
 db9748c866c5e06eff04bc21dd6bf459  2007.0/SRPMS/tk-8.4.13-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 e33895b367c8d1982f3269a5c73dc801  2007.1/i586/libtk8.4-8.4.14-1.1mdv2007.1.i586.rpm
 7dc650450f7d3d307411935bea210cf8  2007.1/i586/libtk8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
 7b97b6cf3fd8032fd3ee3ce4ad7c255f  2007.1/i586/tk-8.4.14-1.1mdv2007.1.i586.rpm 
 c4e8e865f6c1d3e36bb201e2ee2f9ab1  2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 11e5c61b9e2703782c8ce440270a3eaf  2007.1/x86_64/lib64tk8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
 27430c69edd74459d4b8be1edb2f4613  2007.1/x86_64/lib64tk8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
 118d089330e5a08125f5a2b15a7c2f8a  2007.1/x86_64/tk-8.4.14-1.1mdv2007.1.x86_64.rpm 
 c4e8e865f6c1d3e36bb201e2ee2f9ab1  2007.1/SRPMS/tk-8.4.14-1.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 46626982fee7008f9c33437c36de3ce3  2008.0/i586/libtk-devel-8.5a6-8.1mdv2008.0.i586.rpm
 f9ee0b9ae377c06319de116ef3b5cd34  2008.0/i586/libtk8.5-8.5a6-8.1mdv2008.0.i586.rpm
 c52bd1e8b18c214715e5a83a05d5ce77  2008.0/i586/tk-8.5a6-8.1mdv2008.0.i586.rpm 
 988dbc066b5e5ced3b97edcefd171a8a  2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 02c6ef1b37706392f4fabf98a570c50f  2008.0/x86_64/lib64tk-devel-8.5a6-8.1mdv2008.0.x86_64.rpm
 f47bbdadd81cc964898046fde9e3d9f4  2008.0/x86_64/lib64tk8.5-8.5a6-8.1mdv2008.0.x86_64.rpm
 d247ad4d59c410442db053159220e16b  2008.0/x86_64/tk-8.5a6-8.1mdv2008.0.x86_64.rpm 
 988dbc066b5e5ced3b97edcefd171a8a  2008.0/SRPMS/tk-8.5a6-8.1mdv2008.0.src.rpm

 Corporate 3.0:
 66a845d440a9e2349213fae27271c780  corporate/3.0/i586/expect-8.4.5-3.1.C30mdk.i586.rpm
 27bedea45e60fc2da882019c8b31d3a7  corporate/3.0/i586/itcl-8.4.5-3.1.C30mdk.i586.rpm
 de54d041b4c3e2543cc3da2f0c657a81  corporate/3.0/i586/tcl-8.4.5-3.1.C30mdk.i586.rpm
 36be5f9bac328bf45baeac3cdbdd47ff  corporate/3.0/i586/tcllib-8.4.5-3.1.C30mdk.i586.rpm
 406b9d9ddaaf92b60c7baf154ffcf410  corporate/3.0/i586/tclx-8.4.5-3.1.C30mdk.i586.rpm
 477a109cb62b37fd8bf41ca1df368aa1  corporate/3.0/i586/tix-8.4.5-3.1.C30mdk.i586.rpm
 d893211a561731ad81935ac16210fd73  corporate/3.0/i586/tk-8.4.5-3.1.C30mdk.i586.rpm 
 b60191000be9b0abd1c8c9a199aff8c4  corporate/3.0/SRPMS/tcltk-8.4.5-3.1.C30mdk.src.rpm

 Corporate 4.0:
 d501589065ada8f8443f118b3e50a86b  corporate/4.0/i586/expect-8.4.11-1.1.20060mlcs4.i586.rpm
 3b3dd07ea762151dea7a858ffb40a950  corporate/4.0/i586/itcl-8.4.11-1.1.20060mlcs4.i586.rpm
 ce8a6ba003a58318d88d9cf85701d108  corporate/4.0/i586/iwidgets-8.4.11-1.1.20060mlcs4.i586.rpm
 fc38d955a50378b5e60a13e56fb72d92  corporate/4.0/i586/libtcl8.4-8.4.11-1.1.20060mlcs4.i586.rpm
 5f811fc02c05775092056dcbcce5cdfa  corporate/4.0/i586/libtk8.4-8.4.11-1.1.20060mlcs4.i586.rpm
 d556c96e07f5874434cb6de855ad3397  corporate/4.0/i586/tcl-8.4.11-1.1.20060mlcs4.i586.rpm
 ec615811cd2d9a30d70e19efcbc3e5d1  corporate/4.0/i586/tcllib-8.4.11-1.1.20060mlcs4.i586.rpm
 5fa89f9eedf7bf7c9bfa6b4532c3f745  corporate/4.0/i586/tclx-8.4.11-1.1.20060mlcs4.i586.rpm
 50c4cf284aae086ee97c5c88264e380b  corporate/4.0/i586/tix-8.4.11-1.1.20060mlcs4.i586.rpm
 9c10c63d3114b15276006bc13ac22135  corporate/4.0/i586/tk-8.4.11-1.1.20060mlcs4.i586.rpm 
 01f4fd97200cab45c5e438bc2de16ef3  corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 e0046f480e791d86126b47b1e60e070d  corporate/4.0/x86_64/expect-8.4.11-1.1.20060mlcs4.x86_64.rpm
 b3e645973c2aa36643fa991a36250c79  corporate/4.0/x86_64/itcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
 735a36431c6154be8b02a39adc9b2116  corporate/4.0/x86_64/iwidgets-8.4.11-1.1.20060mlcs4.x86_64.rpm
 bd7b3b9a4da0ae6c8f44289ca8287a77  corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
 79738e06527efc5988f42fa0dcb47c4b  corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.1.20060mlcs4.x86_64.rpm
 43e3fa88ab61c2de84627d0fdc73ded0  corporate/4.0/x86_64/tcl-8.4.11-1.1.20060mlcs4.x86_64.rpm
 91f8eb2f70ceb0a18dfcea1cb5cba0b9  corporate/4.0/x86_64/tcllib-8.4.11-1.1.20060mlcs4.x86_64.rpm
 a229460593913f7057e23e0556a85b77  corporate/4.0/x86_64/tclx-8.4.11-1.1.20060mlcs4.x86_64.rpm
 c7247488fcd4de1f54a9427157b8fbeb  corporate/4.0/x86_64/tix-8.4.11-1.1.20060mlcs4.x86_64.rpm
 3b30e0802b236a1a60a55c67f9f36746  corporate/4.0/x86_64/tk-8.4.11-1.1.20060mlcs4.x86_64.rpm 
 01f4fd97200cab45c5e438bc2de16ef3  corporate/4.0/SRPMS/tcltk-8.4.11-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHF6xFmqjQ0CJFipgRAu8bAJ9GtA0FLzMG/dUWCy5dfWWQIfySBwCgy8cj
rAKbfS9luXheK00ZdJGpFNE=
=Dzys
-----END PGP SIGNATURE-----
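
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the comparison against the "Updated Packages" list can be scripted. The following is an added example, not part of the advisory or of any Mandriva tool; the function names `advisory_sums` and `verify_packages` and the script name in the usage comment are hypothetical, and it assumes the advisory has been saved as plain text and that `md5sum` is installed.

```shell
#!/bin/sh
# Added example, not part of the advisory: check downloaded RPMs against the
# "md5  path" lines of an advisory saved as plain text.

# advisory_sums FILE
# Print "md5  basename" once for each package line in the advisory.
advisory_sums() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
             n = split($2, part, "/")      # keep only the file name
             print $1 "  " part[n]
         }' "$1" | sort -u                 # SRPM lines repeat per architecture
}

# verify_packages FILE DIR
# Compare every listed package that is present in DIR with its advisory sum.
# Packages for other releases or architectures are simply absent and skipped.
# Returns 0 only if at least one package was checked and none mismatched.
verify_packages() {
    advisory=$1 dir=$2 bad=0 seen=0
    while read -r want name; do
        [ -f "$dir/$name" ] || continue
        seen=$((seen + 1))
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"
            bad=$((bad + 1))
        fi
    done <<EOF
$(advisory_sums "$advisory")
EOF
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage (hypothetical script name): sh check_advisory.sh advisory.txt /path/to/rpms
if [ $# -eq 2 ]; then
    verify_packages "$1" "$2"
fi
```

A matching MD5 sum only shows that the file is the one the advisory lists; authenticity rests on the GPG signature of the advisory and of the packages, which `rpm --checksig` checks once the Mandriva key has been imported.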
