[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1225997126.9467.6.camel@mdlinux>
Date: Thu, 06 Nov 2008 13:45:26 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-664-1] Tk vulnerability
===========================================================
Ubuntu Security Notice USN-664-1 November 06, 2008
tk8.0, tk8.3, tk8.4 vulnerability
CVE-2008-0553
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
tk8.0 8.0.5-11ubuntu0.1
tk8.3 8.3.5-4ubuntu1.2
tk8.4 8.4.12-0ubuntu1.2
Ubuntu 7.10:
tk8.3 8.3.5-6ubuntu3.1
tk8.4 8.4.15-1ubuntu1.1
Ubuntu 8.04 LTS:
tk8.4 8.4.16-2ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1.diff.gz
Size/MD5: 455767 624a4aaeda503706d929f7d8f203a3e3
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1.dsc
Size/MD5: 1019 9f9fde8c98171c13cf504bb2c2bdde17
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5.orig.tar.gz
Size/MD5: 2033223 3ae92b86c01ec99a1872697294839e64
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2.diff.gz
Size/MD5: 28060 51b033f7ac63ec0dc35fb3ebcb50f418
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2.dsc
Size/MD5: 1023 49db61772bb838f83df230b214161907
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
Size/MD5: 2598030 363a55d31d94e05159e9212074c68004
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2.diff.gz
Size/MD5: 21534 2e49f47d0df578cddbfb9775469d168b
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2.dsc
Size/MD5: 1083 a3ad94f647e37b3da2d3ea2274bb6f08
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz
Size/MD5: 3245547 316491cb82d898b434842353aed1f0d6
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-doc_8.4.12-0ubuntu1.2_all.deb
Size/MD5: 788200 01dc19de0b3d36acea0541622129a442
http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-doc_8.0.5-11ubuntu0.1_all.deb
Size/MD5: 555110 8da51243a21a0d0e03c4bb5c33389e42
http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.3/tk8.3-doc_8.3.5-4ubuntu1.2_all.deb
Size/MD5: 656938 24d91aed7f2612ac56b56bbf16a6b3a8
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1_amd64.deb
Size/MD5: 1242594 9c6cb511fc3ec39fc4f338f616597307
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.2_amd64.deb
Size/MD5: 697568 d47ef6fa6c4269899d84273a3c502318
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2_amd64.deb
Size/MD5: 2919866 9851c5e98c5820edee0cb73134e4465f
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.2_amd64.deb
Size/MD5: 846932 7203e3548032f5e126c3e04adddcd9bb
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2_amd64.deb
Size/MD5: 1012164 e8d1cc364274f2c92fff254bf0cf31ff
http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-dev_8.0.5-11ubuntu0.1_amd64.deb
Size/MD5: 564798 d6aaa3faa675ae34f5517b9a800ec4e7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1_i386.deb
Size/MD5: 1112956 b27a3e79df915bff0aa557bdae8eac0d
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.2_i386.deb
Size/MD5: 648134 6747530f3380f84cbdc637e2c4ed3429
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2_i386.deb
Size/MD5: 2732568 5f1bc057480c20a0e66414b58a34ff58
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.2_i386.deb
Size/MD5: 793148 229b89170088c480db48a32f92ff28ba
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2_i386.deb
Size/MD5: 956516 0f531a37707a2e5db21c050fbaf752bd
http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-dev_8.0.5-11ubuntu0.1_i386.deb
Size/MD5: 521652 6c10e6945c334c1506dacc9970367d03
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1_powerpc.deb
Size/MD5: 1230088 02a5a6f0bc73b94fd4c16d31bc633109
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.2_powerpc.deb
Size/MD5: 660074 c89495d38a922de0f188199d47971dbc
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2_powerpc.deb
Size/MD5: 2932018 5e9388afbb35c561aff87c1ae83a322e
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.2_powerpc.deb
Size/MD5: 806852 8d6a9dcacbf8725abf1f0beead19de65
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2_powerpc.deb
Size/MD5: 999658 c483c85e3736eccf66f597f2e3deea13
http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-dev_8.0.5-11ubuntu0.1_powerpc.deb
Size/MD5: 533942 2b539c0f193b96518588ea1ba35d0cf6
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.0/tk8.0_8.0.5-11ubuntu0.1_sparc.deb
Size/MD5: 1128404 dd01474892069952e4d23b7e46db81c8
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.2_sparc.deb
Size/MD5: 680266 2500c749b23b90a590d193f6687f4835
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.2_sparc.deb
Size/MD5: 2792458 c8c5259f432014f64d0a3f91de2d1125
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.2_sparc.deb
Size/MD5: 826916 ba6ab8fd313bd283accfc849e56b7d30
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.2_sparc.deb
Size/MD5: 979172 0dc20a66a68b6b09227fa607ad9e9864
http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.0/tk8.0-dev_8.0.5-11ubuntu0.1_sparc.deb
Size/MD5: 538652 3d27539675cdf3fbf2a05546321ad736
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1.diff.gz
Size/MD5: 28401 56ae8da9e13ba5c50b5383a87e518452
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1.dsc
Size/MD5: 1162 9377043998c247fea3cb21cb2e93a49c
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
Size/MD5: 2598030 363a55d31d94e05159e9212074c68004
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1.diff.gz
Size/MD5: 11022 fabe1a67b27e694f25b384746589bbb8
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1.dsc
Size/MD5: 1277 09200463daf224b1f7ab29b95bb50a3a
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15.orig.tar.gz
Size/MD5: 3340313 68777568d818e1980dda4b6b02b92f1a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-doc_8.3.5-6ubuntu3.1_all.deb
Size/MD5: 657166 4713b2254c2467e6975c7a2fd2be4346
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-doc_8.4.15-1ubuntu1.1_all.deb
Size/MD5: 806328 4e47f9174acbf2dd54a90b52991ec806
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_amd64.deb
Size/MD5: 697782 8d9f3c14931017633eef838c86b866e8
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_amd64.deb
Size/MD5: 838492 2def3ba9f59eddd2c7a6dd4a4ed504b4
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_amd64.deb
Size/MD5: 865754 539d4df4c8f30b21d8d3be213b9e2613
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_amd64.deb
Size/MD5: 1036114 b7f8a3d7f278382d4208f69f22c292a1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_i386.deb
Size/MD5: 672294 253fbc3e57601da574d4902318104e27
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_i386.deb
Size/MD5: 809568 d14ddfa099c9e1d86e51c33ca4297a6b
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_i386.deb
Size/MD5: 840150 45ae7d4de5e8307b43da6fed285e0f0f
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_i386.deb
Size/MD5: 1002570 0feb06f1239d4dc3a09cecebb818df80
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_lpia.deb
Size/MD5: 664762 6b2c167a411b5bc6b51e897dbfc72d44
http://ports.ubuntu.com/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_lpia.deb
Size/MD5: 809050 11fc7f117ba6f757a9cc3d4dabde6a61
http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_lpia.deb
Size/MD5: 832466 5aadc7ef038e680eeb50ff329578c7e7
http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_lpia.deb
Size/MD5: 1002542 93e6840019c82592f4acdce31e7d8832
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_powerpc.deb
Size/MD5: 671038 7a7cc41b5cafa1a63d0e7c0c97a2e3e1
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_powerpc.deb
Size/MD5: 844566 0fb95d839a8b8ed6244818c6217738fb
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_powerpc.deb
Size/MD5: 841154 8405745783c484b3391101a6d238f2c4
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_powerpc.deb
Size/MD5: 1042582 27069ff173a63b8c6e5b7755666ca238
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu3.1_sparc.deb
Size/MD5: 686192 4b6bbb17d26c6f730457f847b6b086ca
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu3.1_sparc.deb
Size/MD5: 814140 c662b08e362151a5b6168383c2558e6f
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.15-1ubuntu1.1_sparc.deb
Size/MD5: 850358 6ef19660783562ad79980d834d22af7e
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.15-1ubuntu1.1_sparc.deb
Size/MD5: 1009164 9cf16927296e3566146cab438e5bcf0c
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1.diff.gz
Size/MD5: 11255 fddfeb381414ae5ad3f1b666f0a3bbb3
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1.dsc
Size/MD5: 1343 2239977514a8b8b5a55a152264f8567b
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16.orig.tar.gz
Size/MD5: 3344618 24d18fbebe3bb8853e418431be01bf2c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-doc_8.4.16-2ubuntu1.1_all.deb
Size/MD5: 810520 ef5e83ada9997a86ea6c81d53dcc069a
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_amd64.deb
Size/MD5: 875806 d01319038e80337d979c4f0c1a425cb8
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_amd64.deb
Size/MD5: 1041820 2c9caebfc0d4d920b34502f056aa928a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_i386.deb
Size/MD5: 843216 d6efa05e7cb077b59c8e4b37dadedde9
http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_i386.deb
Size/MD5: 1001132 c7d3727a22902bc4573fd7f685e1f381
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_lpia.deb
Size/MD5: 836000 f91f94686955b0b76362206336a96929
http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_lpia.deb
Size/MD5: 999502 fdd407d2c354c3b61baffb84550af475
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_powerpc.deb
Size/MD5: 852414 119d5a95f72b3e21d7a49b5411be4cfa
http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_powerpc.deb
Size/MD5: 1043522 d7c78251011f26489c28eb54bfabb699
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4-dev_8.4.16-2ubuntu1.1_sparc.deb
Size/MD5: 841910 d7123dbc22b32711a226e49c95db23dc
http://ports.ubuntu.com/pool/main/t/tk8.4/tk8.4_8.4.16-2ubuntu1.1_sparc.deb
Size/MD5: 1001600 fe343da05ac4e8e03e81ceb805e04dc2
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists