FrSIRT - Fedora Security Update Fixes Tk GIF Image Buffer Overflow Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Tk GIF Image Buffer Overflow Vulnerability

Title : Fedora Security Update Fixes Tk GIF Image Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2007-3557
CVE ID : CVE-2007-5378
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-22

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

2f9dbe2132bf4fc78f8421e5ef6b9066d908c961 tk-8.4.13-6.fc7.ppc64.rpm
dfd62ad97a40e452f90f1d303332decbd274524d tk-debuginfo-8.4.13-6.fc7.ppc64.rpm
caf8b249afc9309cde1cc24b4946652045487912 tk-devel-8.4.13-6.fc7.ppc64.rpm
283a46b8af5b941e56f190b2f480d5447c86e84b tk-8.4.13-6.fc7.i386.rpm
55c6896d1c31cd6c6e053275e6ebe218e02b17fa tk-debuginfo-8.4.13-6.fc7.i386.rpm
9ae4f4e6258199851a8ad0b57feb448952f48956 tk-devel-8.4.13-6.fc7.i386.rpm
37d7a2427add562debe4db70c17c26d9d25556c7 tk-debuginfo-8.4.13-6.fc7.x86_64.rpm
15470e5810da218ab82bcc5b4cf609609b5c2d07 tk-8.4.13-6.fc7.x86_64.rpm
b119aeb80fbdc14e5bcedbcfbc7a265da6a3ac96 tk-devel-8.4.13-6.fc7.x86_64.rpm
d15bf067c74b67c516a8d3d482f00ba767de1a04 tk-8.4.13-6.fc7.ppc.rpm
e117e10b20001966a93fd96eba81a6541d7cd701 tk-debuginfo-8.4.13-6.fc7.ppc.rpm
2855c76d43b4dcbc5e84bfcef6632ba16fb584cd tk-devel-8.4.13-6.fc7.ppc.rpm
7781a6f38cca6f9c65027d00e85fd92cb4ad0935 tk-8.4.13-6.fc7.src.rpm

ChangeLog

2007-10-22 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Sun Solaris System Management Agent Buffer Overflow Vulnerability
	Sun Update Fixes Mozilla Thunderbird Multiple Vulnerabilities
	Sun Java JDK and JRE Code Execution and Security Bypass Issues
	Sun Solaris DNS Protocol Remote Cache Poisoning Vulnerability
	Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities
	Sun Java System Access Manager XSLT Code Execution Vulnerability
	Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues