First published: Thu Feb 21 2008
Tcl is a scripting language designed for embedding into other applications and for use with Tk, a widget set.

An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553)

A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378)

A flaw in the Tcl regular expression handling engine was discovered by Will Drewry. This flaw, first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. (CVE-2007-4772)

All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.
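The two GIF flaws above both come down to trusting fields in the file, so the following added example (not Tk's code and not the backported patch) shows a stand-alone pre-screen that walks a GIF's blocks and rejects an out-of-range LZW code size or a later frame larger than the first. The names `gif_prescreen`, `gif_verdict` and `sample_gif` are hypothetical, the accepted 2..8 code-size range is this example's assumption taken from the GIF format, and the frame-size comparison is a conservative check that may also flag some harmless files.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum gif_verdict { GIF_OK, GIF_MALFORMED, GIF_BAD_CODE_SIZE, GIF_FRAME_GROWS };
/* Constructed sample: a 1x1 single-frame GIF; byte 29 is the LZW code size. */
static const uint8_t sample_gif[35] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x80,0,0, 0,0,0, 255,255,255,
    0x2C, 0,0, 0,0, 1,0, 1,0, 0, 2, 2,0x44,0x01, 0, 0x3B };
static unsigned le16(const uint8_t *p) { return p[0] | (unsigned)p[1] << 8; }

/* Step over a chain of data sub-blocks; returns 0 if the buffer ends first. */
static int skip_subblocks(const uint8_t *b, size_t n, size_t *i) {
    while (*i < n) {
        size_t len = b[(*i)++];
        if (len == 0) return 1;            /* block terminator */
        if (len > n - *i) return 0;
        *i += len;
    }
    return 0;
}

enum gif_verdict gif_prescreen(const uint8_t *b, size_t n) {
    size_t i = 13;                         /* header + logical screen descriptor */
    unsigned first_w = 0, first_h = 0, frames = 0;
    if (n < 13 || (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6))) return GIF_MALFORMED;
    if (b[10] & 0x80) i += (size_t)3 << ((b[10] & 7) + 1);   /* global colour table */
    while (i < n) {
        uint8_t tag = b[i++];
        if (tag == 0x3B) return frames ? GIF_OK : GIF_MALFORMED;   /* trailer */
        if (tag == 0x21) {                 /* extension: label byte, then sub-blocks */
            i++;
            if (!skip_subblocks(b, n, &i)) return GIF_MALFORMED;
            continue;
        }
        if (tag != 0x2C || n - i < 9) return GIF_MALFORMED;        /* image descriptor */
        unsigned w = le16(b + i + 4), h = le16(b + i + 6);
        uint8_t packed = b[i + 8];
        i += 9;
        if (packed & 0x80) i += (size_t)3 << ((packed & 7) + 1);  /* local colour table */
        if (i >= n) return GIF_MALFORMED;
        /* Assumption: accept only the 2..8 bit range a well-formed GIF uses. */
        if (b[i] < 2 || b[i] > 8) return GIF_BAD_CODE_SIZE;
        i++;
        if (frames++ && (w > first_w || h > first_h)) return GIF_FRAME_GROWS;
        if (frames == 1) { first_w = w; first_h = h; }
        if (!skip_subblocks(b, n, &i)) return GIF_MALFORMED;
    }
    return GIF_MALFORMED;                  /* ran out of data before the trailer */
}
```

A check like this is only a filter in front of an unpatched decoder; the fix remains the updated packages.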