French Security Incident Response Team

Mandriva Security Update Fixes Tk "ReadImage()" Buffer Overflow Issue


Publication Date: 2008-02-08 © FrSIRT.COM
Title: Mandriva Security Update Fixes Tk "ReadImage()" Buffer Overflow Issue
Identifier: FrSIRT/AVIS-2008-0458
CVE ID: CVE-2008-0553
Risk: High (3/4)
Remotely exploitable: Yes
Locally exploitable: Yes
 

Technical Description

A vulnerability has been identified in Mandriva that could be exploited by attackers to cause a denial of service or compromise a vulnerable system [...]

Solution

Install the updates.


History

2008-02-08: Initial version
