Ubuntu: Tk vulnerability
Posted by Benjamin D. Thomas
It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.
Ubuntu Security Notice USN-664-1          November 06, 2008
tk8.0, tk8.3, tk8.4 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tk8.0                           8.0.5-11ubuntu0.1
  tk8.3                           8.3.5-4ubuntu1.2
  tk8.4                           8.4.12-0ubuntu1.2

Ubuntu 7.10:
  tk8.3                           8.3.5-6ubuntu3.1
  tk8.4                           8.4.15-1ubuntu1.1

Ubuntu 8.04 LTS:
  tk8.4                           8.4.16-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.

Updated packages for Ubuntu 6.06 LTS:

Updated packages for Ubuntu 7.10:

Updated packages for Ubuntu 8.04 LTS:
