DSA 1490-1: New tk8.3 packages fix arbitrary code execution
Posted on: 02/10/2008 10:30 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1490-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 10, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : tk8.3
Vulnerability : buffer overflow
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-0553

It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 8.3.5-6etch2.

For the old stable distribution (sarge), this problem has been fixed in
version 8.3.5-4sarge1.

We recommend that you upgrade your tk8.3 packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1.dsc
Size/MD5 checksum: 619 72ec50a6f7fe598dfdfa5bb6dcce26b8
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1.diff.gz
Size/MD5 checksum: 27487 e8e4be4e42aa8d8aa42737e51bd00efb

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-4sarge1_all.deb
Size/MD5 checksum: 656610 2fdeefaa7fda287e93f03835b81c6b97

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_alpha.deb
Size/MD5 checksum: 800050 9ffdf85836c8c363791fca0fd9695caa
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_alpha.deb
Size/MD5 checksum: 866706 dccdb481171dbda93f1e285ba80928c1

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_amd64.deb
Size/MD5 checksum: 5401662 027185eb7532fa4e9cdd0d50bdaf3d83
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_amd64.deb
Size/MD5 checksum: 678048 b5be308ba38fab05cae38e092d57a889

arm architecture (ARM)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_arm.deb
Size/MD5 checksum: 693912 5399334e960fdcc8bcffe9264f249088
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_arm.deb
Size/MD5 checksum: 5374592 80f52caef92bb04868944996407be7b4

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_hppa.deb
Size/MD5 checksum: 5523864 89387f3788ac2ecc8f1209573e51d462
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_hppa.deb
Size/MD5 checksum: 771440 50776eb1a27f0b64d5a293bc9a3b2578

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_i386.deb
Size/MD5 checksum: 5373152 1acda6edfe3ca9d906e309b7ec1c80df
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_i386.deb
Size/MD5 checksum: 663734 2455bba9b8ff48ff5cac5a95f4c186e6

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_ia64.deb
Size/MD5 checksum: 898866 940ba28f8b0db48406ee4809b9d77f86
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_ia64.deb
Size/MD5 checksum: 5621592 4fb33ae434375d246943d88dd3682c7a

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_m68k.deb
Size/MD5 checksum: 575068 6458f19e912a11ed076486ab61743214
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_m68k.deb
Size/MD5 checksum: 5379682 fc5794b7b0079628fa530298f9476bfb

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_mips.deb
Size/MD5 checksum: 704002 25fbbe38f11333a06bc05d23126df314
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_mips.deb
Size/MD5 checksum: 816286 b3d5de6c3d0825efae3c2589e092aa34

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_mipsel.deb
Size/MD5 checksum: 813022 1423ef69d3d9bd8b701793856cc795cf
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_mipsel.deb
Size/MD5 checksum: 701082 406ae2f59095a43400895e5b40e6ab3c

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_powerpc.deb
Size/MD5 checksum: 7878966 a265e04e508554a1d0bd314cb7d6a908
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_powerpc.deb
Size/MD5 checksum: 677236 6a4d7527fbf5a228c1acde4299ea1f84

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_s390.deb
Size/MD5 checksum: 5561774 e0f0a37236461ae94b933e4a5eb14817
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_s390.deb
Size/MD5 checksum: 674842 6c668ee1265ae78ad5b812e607f5f71d

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_sparc.deb
Size/MD5 checksum: 5426718 20594b4384ea7417cf7a5632f8638bbd
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_sparc.deb
Size/MD5 checksum: 678866 abc4b418f08a7605df0e9eb8cd4c657d

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2.dsc
Size/MD5 checksum: 672 4e486153b8faf53782476e22c3880001
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2.diff.gz
Size/MD5 checksum: 28777 54d70c692b5c712098e7a3f3da8a169f
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
Size/MD5 checksum: 2598030 363a55d31d94e05159e9212074c68004

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-6etch2_all.deb
Size/MD5 checksum: 657298 cc62b269ba2ac2bd6eca61774adb75b8

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_alpha.deb
Size/MD5 checksum: 870312 ca7383e0d6ceac65fd9dc59625fb051d
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_alpha.deb
Size/MD5 checksum: 808390 23b7446294b1cb3cf48fc1ad51b4edfe

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_amd64.deb
Size/MD5 checksum: 830910 4769eafe35695248d9e5f86b55a71874
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_amd64.deb
Size/MD5 checksum: 691460 ab8c2af96d4573753de894f5d738d9df

arm architecture (ARM)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_arm.deb
Size/MD5 checksum: 802950 247e4ef8599dff92ce89ffc040a683e9
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_arm.deb
Size/MD5 checksum: 649908 ad723304134fdd974f87f03be98466c4

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_hppa.deb
Size/MD5 checksum: 889136 299f1a1f029ae989000f0618f3f627c2
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_hppa.deb
Size/MD5 checksum: 773516 1d0fa389e6d47a3735d9db10eea5030e

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_i386.deb
Size/MD5 checksum: 805102 94482087953e4efdbd27bd72ae7187af
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_i386.deb
Size/MD5 checksum: 672612 a89666282487cda0bae98a0873fb01d7

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_ia64.deb
Size/MD5 checksum: 1057942 c8a0053f14a1cf36f3dd20124b633e68
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_ia64.deb
Size/MD5 checksum: 959576 b3c0dd20cc601ef00c8f2958f33b57ab

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_mips.deb
Size/MD5 checksum: 728178 f8e3ef984f59b502767e39a16418b512
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_mips.deb
Size/MD5 checksum: 825678 46311b08a5851e68a355217f08068647

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_mipsel.deb
Size/MD5 checksum: 823114 1beec3521b5a071b5d61c7ac0ab400f4
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_mipsel.deb
Size/MD5 checksum: 725968 44abec2145cf4619ee9fdb519d8a817b

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_powerpc.deb
Size/MD5 checksum: 659960 6121101918009e9cfc3400bd00bd1176
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_powerpc.deb
Size/MD5 checksum: 824324 2b4d6681e5736f78fdfdfe0afc9c54cc

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_s390.deb
Size/MD5 checksum: 838398 4cf8eb32d6c4a0e51d42141c4be20f94
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_s390.deb
Size/MD5 checksum: 694042 68ab888f154ccd255b2e3487ee449076

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_sparc.deb
Size/MD5 checksum: 680556 ca6f34ad3f8052f0488fbb27c63f46b7
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_sparc.deb
Size/MD5 checksum: 805330 e9088a3f282d1d34fc60437bbc29579e


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHr2OxXm3vHE4uyloRAkafAKCuKXtyAKy6xImKbrHZ2tzB4MSeqACfSgx9
GcCq7YG3B7cptt6lnE9RZsM=
=Eqft
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1490_1_new_tk83_packages_fix_arbitrary_code_execution.html)