Synopsis: Moderate: tk security update
Issue date: 2008-02-21
CVE Names: CVE-2008-0553 CVE-2007-5137 CVE-2007-5378

An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553)

A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5137)

A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378)

SL 4.x

SRPMS:
tk-8.4.7-3.el4_6.1.src.rpm
i386:
tk-8.4.7-3.el4_6.1.i386.rpm
tk-devel-8.4.7-3.el4_6.1.i386.rpm
x86_64:
tk-8.4.7-3.el4_6.1.i386.rpm
tk-8.4.7-3.el4_6.1.x86_64.rpm
tk-devel-8.4.7-3.el4_6.1.x86_64.rpm

SL 5.x

SRPMS:
tk-8.4.13-5.el5_1.1.src.rpm
i386:
tk-8.4.13-5.el5_1.1.i386.rpm
tk-devel-8.4.13-5.el5_1.1.i386.rpm
x86_64:
tk-8.4.13-5.el5_1.1.i386.rpm
tk-8.4.13-5.el5_1.1.x86_64.rpm
tk-devel-8.4.13-5.el5_1.1.i386.rpm
tk-devel-8.4.13-5.el5_1.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
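
A pre-screening check for the two conditions described above, added here as an illustration and not taken from the advisory or from Tk's patch: it walks a GIF's block structure and reports an LZW code size whose first code would exceed the format's 12-bit limit, and any frame larger than the first frame. The logical-screen bounds check goes beyond the advisory text; check_gif, skip_sub_blocks, make_gif and the sample files are names and data constructed for this example.

```python
import struct

MAX_LZW_BITS = 12  # GIF LZW codes are never wider than 12 bits (format limit)

def skip_sub_blocks(data, pos):
    """Step over length-prefixed data sub-blocks up to the zero terminator."""
    while data[pos]:
        pos += 1 + data[pos]
    return pos + 1

def check_gif(data):
    """Return findings for the code-size and frame-size conditions in the advisory."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF file"]
    findings, first, frame = [], None, 0
    try:
        screen_w, screen_h, flags = struct.unpack_from("<HHB", data, 6)
        pos = 13 + (3 * (2 << (flags & 7)) if flags & 0x80 else 0)
        while data[pos] != 0x3B:                      # 0x3B = trailer
            if data[pos] == 0x21:                     # extension: label + sub-blocks
                pos = skip_sub_blocks(data, pos + 2)
                continue
            if data[pos] != 0x2C:                     # not an image descriptor
                findings.append(f"unknown block 0x{data[pos]:02x} at offset {pos}")
                break
            left, top, w, h, iflags = struct.unpack_from("<HHHHB", data, pos + 1)
            pos += 10 + (3 * (2 << (iflags & 7)) if iflags & 0x80 else 0)
            frame += 1
            if data[pos] + 1 > MAX_LZW_BITS:          # first code width = min size + 1
                findings.append(f"frame {frame}: LZW code size {data[pos]} out of range")
            if first and (w > first[0] or h > first[1]):
                findings.append(f"frame {frame}: {w}x{h} larger than first frame")
            if left + w > screen_w or top + h > screen_h:   # added generalization
                findings.append(f"frame {frame}: extends past logical screen")
            first = first or (w, h)
            pos = skip_sub_blocks(data, pos + 1)
    except (IndexError, struct.error):
        findings.append("truncated file")
    return findings

def make_gif(screen, frames):
    """Build a constructed sample GIF; frames are (width, height, code_size) tuples."""
    out = b"GIF89a" + struct.pack("<HHBBB", screen[0], screen[1], 0, 0, 0)
    for w, h, code_size in frames:
        out += b"\x2c" + struct.pack("<HHHHB", 0, 0, w, h, 0)
        out += bytes([code_size, 1, 0, 0])            # one dummy data byte, terminator
    return out + b"\x3b"

if __name__ == "__main__":
    print(check_gif(make_gif((4, 4), [(2, 2, 2), (4, 4, 2)])))
    print(check_gif(make_gif((4, 4), [(2, 2, 13)])))
```

A clean result from this check does not show that an installed tk package is patched; the package versions listed above remain the fix.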