LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 27th, 2014
Linux Advisory Watch: October 24th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Tk vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-529-1           October 11, 2007
tk8.3, tk8.4 vulnerability
CVE-2007-5137
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tk8.3                           8.3.5-4ubuntu1.1
  tk8.4                           8.4.12-0ubuntu1.1

Ubuntu 6.10:
  tk8.3                           8.3.5-6ubuntu1.1
  tk8.4                           8.4.12-1ubuntu0.1

Ubuntu 7.04:
  tk8.3                           8.3.5-6ubuntu2.1
  tk8.4                           8.4.14-0ubuntu2.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.1.diff.gz
      Size/MD5:    27182 18c232cfe73ac5ae715070dfebaf48dd
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.1.dsc
      Size/MD5:      625 2bf4b0d96dc731beff2a178bdb2540e6
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
      Size/MD5:  2598030 363a55d31d94e05159e9212074c68004
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.1.diff.gz
      Size/MD5:    20932 a2f008e9541d7be33d7db50523c37b00
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.1.dsc
      Size/MD5:      681 504b049b89ce1246f115e799ea66b237
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz
      Size/MD5:  3245547 316491cb82d898b434842353aed1f0d6

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-doc_8.4.12-0ubuntu1.1_all.deb
      Size/MD5:   788236 f7dd9433611523eb5d7fef0632dfe3b8
    http://security.ubuntu.com/ubuntu/pool/universe/t/tk8.3/tk8.3-doc_8.3.5-4ubuntu1.1_all.deb
      Size/MD5:   656814 dc65f7aad63f5c1b95d750d0b3b1a4ff

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.1_amd64.deb
      Size/MD5:   697378 ad59718575154976eac75cabdf586a1b
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.1_amd64.deb
      Size/MD5:  2919466 fd69617e3af1eaf6ab4f1924023e7397
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.1_amd64.deb
      Size/MD5:   846730 43d571a2718de9eafe47d27277d560fb
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.1_amd64.deb
      Size/MD5:  1012152 835d3e558b69e82bac79cf49b3d00455

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.1_i386.deb
      Size/MD5:   647936 e0d48ac4951015b6936ce8d2d621a652
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.1_i386.deb
      Size/MD5:  2732352 17a138d2f5749d76e97a8d7683c06da7
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.1_i386.deb
      Size/MD5:   792968 e724cd0fc9bbeac75658a14f8b27e4d5
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.1_i386.deb
      Size/MD5:   956558 41be9d0901d3a1ac67c7c23fd5e89720

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.1_powerpc.deb
      Size/MD5:   659876 b5848bcaac427affab78776a35721fdc
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.1_powerpc.deb
      Size/MD5:  2931772 23c381d16d06bd5e31732abcc5aab20c
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.1_powerpc.deb
      Size/MD5:   806632 86aceab2be696d6b5d561ef9c82dcdf3
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.1_powerpc.deb
      Size/MD5:   999446 d37165f8011c609240d107351dce4764

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-4ubuntu1.1_sparc.deb
      Size/MD5:   680008 3c9c3ee96a4fee367ccfd65f3576854d
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-4ubuntu1.1_sparc.deb
      Size/MD5:  2792092 080fdef4dd1b659d98467ae86d624c0c
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-0ubuntu1.1_sparc.deb
      Size/MD5:   826668 8977e2bb1dde135274dbd06b20694703
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-0ubuntu1.1_sparc.deb
      Size/MD5:   978958 5d7837807bb85880ee33ec869adeae1f

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu1.1.diff.gz
      Size/MD5:    27419 dc87abe90a6ebec0b47010f660032003
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu1.1.dsc
      Size/MD5:      680 1fc9de2bde00e1dd3cc1306dc6d6da04
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
      Size/MD5:  2598030 363a55d31d94e05159e9212074c68004
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-1ubuntu0.1.diff.gz
      Size/MD5:    21250 f96722290a7b084194de6161d79b0062
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-1ubuntu0.1.dsc
      Size/MD5:      681 fb2d2c2c4466afc6177638527d8e8872
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz
      Size/MD5:  3245547 316491cb82d898b434842353aed1f0d6

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-doc_8.3.5-6ubuntu1.1_all.deb
      Size/MD5:   656986 115134300fb7482b6a3f4779a9c4e765
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-doc_8.4.12-1ubuntu0.1_all.deb
      Size/MD5:   788208 e2797c7c1afaea47e0ee06c70d568038

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu1.1_amd64.deb
      Size/MD5:   695078 d8bada6d71621e11e18899977c3edade
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu1.1_amd64.deb
      Size/MD5:   831894 a6f35a385fa86e79db973e954938e0bb
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-1ubuntu0.1_amd64.deb
      Size/MD5:   843436 b9319791bd8b053418150ed07df23997
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-1ubuntu0.1_amd64.deb
      Size/MD5:  1009248 f66fa778d4a03f9d13a173015ed9224a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu1.1_i386.deb
      Size/MD5:   671922 8b8d565f9757d34c2af451db2fa9bd63
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu1.1_i386.deb
      Size/MD5:   804212 3f48315bc7ea7706803e940b37b25f23
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-1ubuntu0.1_i386.deb
      Size/MD5:   819580 d0c0643117eca62c153880c85bf92b03
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-1ubuntu0.1_i386.deb
      Size/MD5:   977614 f96da8c646399b6ad7e71029bb65d3b1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu1.1_powerpc.deb
      Size/MD5:   663954 5c3f936a08ba71ec95c52d50b611fb5d
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu1.1_powerpc.deb
      Size/MD5:   827066 cfb03dab444cb9d69e5c8344a0c8a160
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-1ubuntu0.1_powerpc.deb
      Size/MD5:   812316 245adbc51f62891540116c432c3ebcd4
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-1ubuntu0.1_powerpc.deb
      Size/MD5:  1001796 30e31e66f5d46e40dd16db0b618d5228

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu1.1_sparc.deb
      Size/MD5:   686014 cb564e3dcaf07812d49c89d421b7f518
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu1.1_sparc.deb
      Size/MD5:   809634 db243a2c6a304147739826ddd6ee07a0
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.12-1ubuntu0.1_sparc.deb
      Size/MD5:   830600 f81e2e0935c3a745bffbe1e259e4383b
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.12-1ubuntu0.1_sparc.deb
      Size/MD5:   982466 fa93b720c74dd7fdb5b760dd8eee2259

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu2.1.diff.gz
      Size/MD5:    27536 2e1f8e3542db1221dadb528cb763515a
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu2.1.dsc
      Size/MD5:      764 ccf27eb659386f992065562a7f4ccdcd
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
      Size/MD5:  2598030 363a55d31d94e05159e9212074c68004
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.14-0ubuntu2.1.diff.gz
      Size/MD5:    20404 979db86bd23cd5d1ba11ae13393cbbf6
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.14-0ubuntu2.1.dsc
      Size/MD5:      766 a007758d76c0de1ce27cfb9d190f0562
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.14.orig.tar.gz
      Size/MD5:  3268223 d12f591f5689f95c82bfb9c1015407bb

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-doc_8.3.5-6ubuntu2.1_all.deb
      Size/MD5:   657038 41dcdb86d81385d0217b2ed01a9dadc5
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-doc_8.4.14-0ubuntu2.1_all.deb
      Size/MD5:   798298 a19b4b74e3ff8b307ba1312b01eb0846

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu2.1_amd64.deb
      Size/MD5:   695462 ef341b05ceb4442d2fa787c4601442ad
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu2.1_amd64.deb
      Size/MD5:   837440 e3f7627d608272b2968fed3097e56189
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.14-0ubuntu2.1_amd64.deb
      Size/MD5:   854790 cf06de203ba9f7e23533c3e988e6a092
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.14-0ubuntu2.1_amd64.deb
      Size/MD5:  1027922 e3965e81c3e0554c72ea50099ef1ae95

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu2.1_i386.deb
      Size/MD5:   671976 70a9f33b2419628923eeade00a91d6d7
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu2.1_i386.deb
      Size/MD5:   809356 257d6422e86aea93933f498dcea48235
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.14-0ubuntu2.1_i386.deb
      Size/MD5:   830752 4e7e99a5071c0d3722282d93034105b9
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.14-0ubuntu2.1_i386.deb
      Size/MD5:   996014 46222052be37d2cb282a5e0a02209817

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu2.1_powerpc.deb
      Size/MD5:   670688 21f2a7b3665b6361b2444f7f98bc158d
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu2.1_powerpc.deb
      Size/MD5:   831940 819e6426c03f52442b7f8c05f8bdc61f
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.14-0ubuntu2.1_powerpc.deb
      Size/MD5:   832062 a6343805717f88b2fbfb9bffefdd355a
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.14-0ubuntu2.1_powerpc.deb
      Size/MD5:  1034612 4f9be15a98a8db40f250f915a2f5658c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3-dev_8.3.5-6ubuntu2.1_sparc.deb
      Size/MD5:   685690 55ae6b1c858fc6b126f17dc9655f3b11
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.3/tk8.3_8.3.5-6ubuntu2.1_sparc.deb
      Size/MD5:   813948 4f292972586dd313133a3e86a4cd60b3
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4-dev_8.4.14-0ubuntu2.1_sparc.deb
      Size/MD5:   841456 16158430f66eefabdfa7c5254add6b2a
    http://security.ubuntu.com/ubuntu/pool/main/t/tk8.4/tk8.4_8.4.14-0ubuntu2.1_sparc.deb
      Size/MD5:  1000590 f4123ed9ce40b12953aac59fda5013d9


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data
Hackers target unclassified White House network
BYOD: Why the biggest security worry is the fool within rather than the enemy without
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.