Oval Definition: oval:com.redhat.rhsa:def:20080136
Revision Date: 2008-02-21
Version: 634
Title: RHSA-2008:0136: tk security update (Moderate)
Description: Tk is a graphical toolkit for the Tcl scripting language.

  • An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553)

  • A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5137)

All users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Family: unix
Class: patch
Status:
Reference(s): CVE-2007-5137
    CVE-2008-0553
    RHSA-2008:0136
    RHSA-2008:0136-01
Platform(s): Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • tk is earlier than 0:8.4.13-5.el5_1.1
  • AND tk is signed with Red Hat redhatrelease2 key
  • tk-devel is earlier than 0:8.4.13-5.el5_1.1
  • AND tk-devel is signed with Red Hat redhatrelease2 key