[tk8.3] [tk8.4] [CVE-2008-0553] buffer overflow in the GIF image parsing code

Bug #191204 reported by disabled.user
Affects         Status         Importance   Assigned to    Milestone
tk8.3 (Ubuntu)  Fix Released   Undecided    Unassigned
tk8.4 (Ubuntu)  Fix Released   Undecided    paolodelbene
tk8.5 (Ubuntu)  Fix Released   Undecided    Unassigned

Bug Description

Binary package hint: tk8.3

References:
DSA-1490-1 (http://www.debian.org/security/2008/dsa-1490)
DSA-1491-1 (http://www.debian.org/security/2008/dsa-1491)

Quoting:
"It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code."

William Grant (wgrant) wrote :

tk8.5 fixed in 8.5.0-3 (in Hardy).

Changed in tk8.5:
status: New → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Updates fixing this issue have been published:

http://www.ubuntu.com/usn/usn-664-1

Changed in tk8.3:
status: New → Fix Released
Changed in tk8.4:
status: New → Fix Released
paolodelbene (ninuxpdb) wrote :

* SECURITY UPDATE: buffer overflow and potential arbitrary code execution
    via crafted GIF image (LP: #191204)
    - debian/patches/cve-2008-0553.diff fix from upstream for
      generic/tkImgGIF.c to validate initialCodeSize
    - http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
    - CVE-2008-0553

Why must I update when tk8.4 needed a patch? First patch it and then send it as an update.

Changed in tk8.4:
assignee: nobody → ninuxpdb
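The changelog entry above says the upstream fix validates initialCodeSize in generic/tkImgGIF.c. As an added illustration, not Tk's code and not the patch linked above, this C function walks a GIF container and rejects any image whose LZW minimum code size byte falls outside 2..8 before a decoder would size its tables from it; the two GIF byte strings are constructed samples, and the 2..8 bound is this example's assumption about a conservative check, not a statement of what the upstream patch enforces.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample: GIF89a, 1x1, 2-colour global table, LZW min code size 2. */
static const unsigned char GOOD_GIF[] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 0,0,  /* header + logical screen descriptor */
    0,0,0, 255,255,255,                            /* global colour table (2 entries) */
    0x2C, 0,0, 0,0, 1,0, 1,0, 0x00,                /* image descriptor, no local table */
    0x02, 0x02, 0x44, 0x01, 0x00,                  /* min code size 2, one data sub-block */
    0x3B };                                        /* trailer */

/* Constructed sample: an extension block, a local colour table, and a min code
 * size of 12, which no GIF with at most 8-bit pixels can legitimately declare. */
static const unsigned char BAD_GIF[] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x00, 0,0,
    0x21, 0xF9, 0x04, 0x00, 0,0, 0x00, 0x00,       /* graphic control extension */
    0x2C, 0,0, 0,0, 1,0, 1,0, 0x80,                /* image descriptor with local table */
    0,0,0, 255,255,255,
    0x0C, 0x01, 0x00, 0x00,                        /* min code size 12: out of range */
    0x3B };

/* Returns 1 if every image's LZW minimum code size is in [2, 8] (assumed bound)
 * and the container is well formed up to its trailer; 0 otherwise. */
int gif_lzw_sizes_valid(const unsigned char *p, size_t n)
{
    size_t i = 13;                                  /* 6-byte header + 7-byte screen descriptor */
    if (n < i || (memcmp(p, "GIF87a", 6) && memcmp(p, "GIF89a", 6))) return 0;
    if (p[10] & 0x80) i += (size_t)3 << ((p[10] & 7) + 1);   /* skip global colour table */
    while (i < n) {
        if (p[i] == 0x3B) return 1;                 /* trailer: everything checked out */
        if (p[i] == 0x21) {                         /* extension: label, then sub-blocks */
            i += 2;
            while (i < n && p[i] != 0) i += 1 + p[i];
            i++;
            continue;
        }
        if (p[i] != 0x2C || i + 10 >= n) return 0;  /* need descriptor + size byte */
        if (p[i + 9] & 0x80) i += (size_t)3 << ((p[i + 9] & 7) + 1);  /* local colour table */
        if (i + 10 >= n) return 0;
        if (p[i + 10] < 2 || p[i + 10] > 8) return 0;   /* reject before sizing decoder tables */
        i += 11;
        while (i < n && p[i] != 0) i += 1 + p[i];   /* skip image data sub-blocks */
        i++;
    }
    return 0;                                       /* truncated: no trailer reached */
}
```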