LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New tk8.3 packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1490-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
February 10, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : tk8.3
Vulnerability  : buffer overflow
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-0553

It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 8.3.5-6etch2.

For the old stable distribution (sarge), this problem has been fixed in
version 8.3.5-4sarge1.

We recommend that you upgrade your tk8.3 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1.dsc
    Size/MD5 checksum:      619 72ec50a6f7fe598dfdfa5bb6dcce26b8
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1.diff.gz
    Size/MD5 checksum:    27487 e8e4be4e42aa8d8aa42737e51bd00efb

Architecture independent packages:

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-4sarge1_all.deb
    Size/MD5 checksum:   656610 2fdeefaa7fda287e93f03835b81c6b97

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_alpha.deb
    Size/MD5 checksum:   800050 9ffdf85836c8c363791fca0fd9695caa
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_alpha.deb
    Size/MD5 checksum:   866706 dccdb481171dbda93f1e285ba80928c1

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_amd64.deb
    Size/MD5 checksum:  5401662 027185eb7532fa4e9cdd0d50bdaf3d83
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_amd64.deb
    Size/MD5 checksum:   678048 b5be308ba38fab05cae38e092d57a889

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_arm.deb
    Size/MD5 checksum:   693912 5399334e960fdcc8bcffe9264f249088
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_arm.deb
    Size/MD5 checksum:  5374592 80f52caef92bb04868944996407be7b4

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_hppa.deb
    Size/MD5 checksum:  5523864 89387f3788ac2ecc8f1209573e51d462
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_hppa.deb
    Size/MD5 checksum:   771440 50776eb1a27f0b64d5a293bc9a3b2578

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_i386.deb
    Size/MD5 checksum:  5373152 1acda6edfe3ca9d906e309b7ec1c80df
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_i386.deb
    Size/MD5 checksum:   663734 2455bba9b8ff48ff5cac5a95f4c186e6

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_ia64.deb
    Size/MD5 checksum:   898866 940ba28f8b0db48406ee4809b9d77f86
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_ia64.deb
    Size/MD5 checksum:  5621592 4fb33ae434375d246943d88dd3682c7a

m68k architecture (Motorola Mc680x0)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_m68k.deb
    Size/MD5 checksum:   575068 6458f19e912a11ed076486ab61743214
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_m68k.deb
    Size/MD5 checksum:  5379682 fc5794b7b0079628fa530298f9476bfb

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_mips.deb
    Size/MD5 checksum:   704002 25fbbe38f11333a06bc05d23126df314
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_mips.deb
    Size/MD5 checksum:   816286 b3d5de6c3d0825efae3c2589e092aa34

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_mipsel.deb
    Size/MD5 checksum:   813022 1423ef69d3d9bd8b701793856cc795cf
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_mipsel.deb
    Size/MD5 checksum:   701082 406ae2f59095a43400895e5b40e6ab3c

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_powerpc.deb
    Size/MD5 checksum:  7878966 a265e04e508554a1d0bd314cb7d6a908
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_powerpc.deb
    Size/MD5 checksum:   677236 6a4d7527fbf5a228c1acde4299ea1f84

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_s390.deb
    Size/MD5 checksum:  5561774 e0f0a37236461ae94b933e4a5eb14817
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_s390.deb
    Size/MD5 checksum:   674842 6c668ee1265ae78ad5b812e607f5f71d

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_sparc.deb
    Size/MD5 checksum:  5426718 20594b4384ea7417cf7a5632f8638bbd
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_sparc.deb
    Size/MD5 checksum:   678866 abc4b418f08a7605df0e9eb8cd4c657d

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2.dsc
    Size/MD5 checksum:      672 4e486153b8faf53782476e22c3880001
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2.diff.gz
    Size/MD5 checksum:    28777 54d70c692b5c712098e7a3f3da8a169f
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
    Size/MD5 checksum:  2598030 363a55d31d94e05159e9212074c68004

Architecture independent packages:

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-6etch2_all.deb
    Size/MD5 checksum:   657298 cc62b269ba2ac2bd6eca61774adb75b8

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_alpha.deb
    Size/MD5 checksum:   870312 ca7383e0d6ceac65fd9dc59625fb051d
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_alpha.deb
    Size/MD5 checksum:   808390 23b7446294b1cb3cf48fc1ad51b4edfe

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_amd64.deb
    Size/MD5 checksum:   830910 4769eafe35695248d9e5f86b55a71874
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_amd64.deb
    Size/MD5 checksum:   691460 ab8c2af96d4573753de894f5d738d9df

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_arm.deb
    Size/MD5 checksum:   802950 247e4ef8599dff92ce89ffc040a683e9
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_arm.deb
    Size/MD5 checksum:   649908 ad723304134fdd974f87f03be98466c4

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_hppa.deb
    Size/MD5 checksum:   889136 299f1a1f029ae989000f0618f3f627c2
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_hppa.deb
    Size/MD5 checksum:   773516 1d0fa389e6d47a3735d9db10eea5030e

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_i386.deb
    Size/MD5 checksum:   805102 94482087953e4efdbd27bd72ae7187af
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_i386.deb
    Size/MD5 checksum:   672612 a89666282487cda0bae98a0873fb01d7

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_ia64.deb
    Size/MD5 checksum:  1057942 c8a0053f14a1cf36f3dd20124b633e68
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_ia64.deb
    Size/MD5 checksum:   959576 b3c0dd20cc601ef00c8f2958f33b57ab

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_mips.deb
    Size/MD5 checksum:   728178 f8e3ef984f59b502767e39a16418b512
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_mips.deb
    Size/MD5 checksum:   825678 46311b08a5851e68a355217f08068647

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_mipsel.deb
    Size/MD5 checksum:   823114 1beec3521b5a071b5d61c7ac0ab400f4
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_mipsel.deb
    Size/MD5 checksum:   725968 44abec2145cf4619ee9fdb519d8a817b

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_powerpc.deb
    Size/MD5 checksum:   659960 6121101918009e9cfc3400bd00bd1176
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_powerpc.deb
    Size/MD5 checksum:   824324 2b4d6681e5736f78fdfdfe0afc9c54cc

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_s390.deb
    Size/MD5 checksum:   838398 4cf8eb32d6c4a0e51d42141c4be20f94
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_s390.deb
    Size/MD5 checksum:   694042 68ab888f154ccd255b2e3487ee449076

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_sparc.deb
    Size/MD5 checksum:   680556 ca6f34ad3f8052f0488fbb27c63f46b7
  http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_sparc.deb
    Size/MD5 checksum:   805330 e9088a3f282d1d34fc60437bbc29579e


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers From China Waste Little Time in Exploiting Heartbleed
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Why a hacker got paid for finding the Heartbleed bug
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.