Debian Security Advisory DSA 1415-1 (tk8.4) Network Vulnerability

Summary

The remote host is missing an update to tk8.4 announced via advisory DSA 1415-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201415-1

Insight

It was discovered that Tk, a cross-platform graphical toolkit for Tcl performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 8.4.12-1etch1. For the old stable distribution (sarge), this problem has been fixed in version 8.4.9-1sarge1. We recommend that you upgrade your tk8.4 packages. Updated packages for

Severity

Classification

CVE CVE-2007-5378
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1117-1 (libgd2)
Debian Security Advisory DSA 1099-1 (horde2)
Debian Security Advisory DSA 084-1 (gftp)
Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)
Debian Security Advisory DSA 1096-1 (webcalendar)

Take action and discover your vulnerabilities