First published: Thu Feb 21 2008
Tk is a graphical toolkit for the Tcl scripting language.

An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553)

A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378)

All users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
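
The two conditions described above can be screened for before a file reaches an image decoder. The following is an added example, not Tk's code or the backported patch: `gif_screen`, its flag names and the sample byte arrays are hypothetical, and the code-size bound assumes the GIF89a limit of 12-bit LZW codes.

```c
#include <stddef.h>
#include <stdint.h>

/* Findings are OR-ed together; 0 means nothing was flagged. */
enum { GIF_BAD_CODE_SIZE = 1, GIF_FRAME_GROWS = 2, GIF_MALFORMED = 4 };
#define MAX_LZW_BITS 12 /* assumption from GIF89a: LZW codes are at most 12 bits wide */

static unsigned rd16(const uint8_t *p) { return p[0] | (unsigned)p[1] << 8; }

/* Step over a chain of data sub-blocks; returns the next offset, 0 if truncated. */
static size_t skip_sub_blocks(const uint8_t *b, size_t n, size_t i) {
    while (i < n && b[i] != 0) i += 1u + b[i];
    return i < n ? i + 1 : 0;
}

/* Walks the block structure only; pixel data is never decoded. */
unsigned gif_screen(const uint8_t *b, size_t n) {
    unsigned out = 0, first_w = 0, first_h = 0, frames = 0;
    if (n < 13 || b[0] != 'G' || b[1] != 'I' || b[2] != 'F') return GIF_MALFORMED;
    size_t i = 13;                                     /* header + screen descriptor */
    if (b[10] & 0x80) i += (size_t)3 << ((b[10] & 7) + 1); /* global color table */
    while (i < n && b[i] != 0x3B) {                    /* 0x3B = trailer */
        if (b[i] == 0x21) {                            /* extension: label, sub-blocks */
            if (!(i = skip_sub_blocks(b, n, i + 2))) return out | GIF_MALFORMED;
        } else if (b[i] == 0x2C) {                     /* image descriptor */
            if (n - i < 11) return out | GIF_MALFORMED;
            unsigned w = rd16(b + i + 5), h = rd16(b + i + 7), fl = b[i + 9];
            i += 10;
            if (fl & 0x80) i += (size_t)3 << ((fl & 7) + 1); /* local color table */
            if (i >= n) return out | GIF_MALFORMED;
            /* b[i] is the LZW minimum code size; decoding starts at b[i]+1 bits */
            if (b[i] + 1 > MAX_LZW_BITS) out |= GIF_BAD_CODE_SIZE;
            if (frames++ == 0) { first_w = w; first_h = h; }
            else if (w > first_w || h > first_h) out |= GIF_FRAME_GROWS;
            if (!(i = skip_sub_blocks(b, n, i + 1))) return out | GIF_MALFORMED;
        } else return out | GIF_MALFORMED;
    }
    return i < n ? out : out | GIF_MALFORMED;          /* no trailer seen */
}

/* Constructed samples: container structure only, with placeholder pixel bytes. */
#define HDR 'G','I','F','8','9','a', 4,0, 4,0, 0, 0, 0
#define FRAME(w, h, cs) 0x2C, 0,0, 0,0, (w),0, (h),0, 0, (cs), 1,0, 0
const uint8_t SAMPLE_OK[]      = { HDR, FRAME(4, 4, 2), FRAME(2, 2, 2), 0x3B };
const uint8_t SAMPLE_FLAGGED[] = { HDR, FRAME(2, 2, 2), FRAME(4, 4, 12), 0x3B };
```

A non-zero result is a reason to quarantine or reject the file; it does not replace installing the updated packages.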
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/tk | <8.4.7-3.el4_6.1 | 8.4.7-3.el4_6.1 |
redhat/tk-devel | <8.4.7-3.el4_6.1 | 8.4.7-3.el4_6.1 |