192539 2007-09-14 19:26 0000 dev-lang/tk < 8.4.15-r1 GIF ReadImage() Buffer overflow vulnerability (CVE-2007-5137) 2008-01-10 08:42:00 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED https://bugzilla.redhat.com/show_bug.cgi?id=290991 B2 [glsa] P2 normal --- 1 rbu@gentoo.org security@gentoo.org mips@gentoo.org tcltk@gentoo.org rbu@gentoo.org 2007-09-14 19:26:26 0000 According to RedHat: Reinhard Max discovered a buffer overflow flaw in the way Tk's GIF processor handles an interlaced GIF with two frames. It is possible to overflow a buffer if the second frame is smaller than the first. The fix can be found here: http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.36&r2=1.37 rbu@gentoo.org 2007-09-14 19:33:32 0000 Whiteboard and cc'ing maintainers. tcltk, please provide updated ebuilds with the patch applied. matsuu@gentoo.org 2007-09-16 02:29:07 0000 dev-lang/tk-8.4.15-r1 dev-lang/tk-8.5_alpha6-r1 in cvs. =dev-lang/tk-8.5* is masked so please mark stable tk-8.4.15-r1 rbu@gentoo.org 2007-09-16 04:11:26 0000 Thanks, Matsuu. Arches, please go for dev-lang/tk-8.4.15-r1. Targets are: "alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86" jer@gentoo.org 2007-09-16 07:29:26 0000 Stable for HPPA. maekke@gentoo.org 2007-09-16 10:13:55 0000 x86 stable angelos@gentoo.org 2007-09-16 14:57:22 0000 amd64 stable armin76@gentoo.org 2007-09-17 10:07:01 0000 alpha/ia64 stable dertobi123@gentoo.org 2007-09-17 17:38:48 0000 ppc stable tcunha@gentoo.org 2007-09-19 04:11:08 0000 dev-lang/tk-8.4.15-r1 USE="-debug -threads" 1. Emerges on SPARC. 2. No collisions. 3. No test phase. 4. Works - tested with the rdeps app-text/tkinfo, app-text/tkman, dev-tcltk/tkdiff, dev-tcltk/tkTheme, net-im/tkabber, and with the files inside the test/ directory. Portage 2.1.3.9 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.5-r4, 2.6.22-gentoo-r5 sparc64) ================================================================= System uname: 2.6.22-gentoo-r5 sparc64 sun4u Timestamp of tree: Tue, 18 Sep 2007 20:50:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p17 dev-lang/python: 2.4.4-r4 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.9-r2 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.21 ACCEPT_KEYWORDS="sparc" CBUILD="sparc-unknown-linux-gnu" CFLAGS="-O2 -mcpu=ultrasparc -pipe" CHOST="sparc-unknown-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/init.d /etc/pam.d /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -mcpu=ultrasparc -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="-k" FEATURES="ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="ftp://mirrors1.netvisao.pt/gentoo http://darkstar.ist.utl.pt/pub/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="X acl bash-completion bitmap-fonts branding bzip2 cli cracklib crypt dri fortran gdbm gif gnome gtk hal iconv ipv6 isdnlog jpeg midi mudflap ncurses nptl nptlonly offensive opengl openmp pam pcre perl png postgres ppds pppd python readline reflection session sparc spl ssl svg tcpd test tiff truetype truetype-fonts type1-fonts xml xorg xv zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="sunffb" Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY ranger@gentoo.org 2007-09-20 21:04:39 0000 ppc64 stable fmccor@gentoo.org 2007-09-23 01:21:23 0000 Sparc stable. rbu@gentoo.org 2007-09-23 08:43:36 0000 Ready for glsa decision. py@gentoo.org 2007-09-25 09:50:21 0000 generally speaking, buffer overflow means possible code exec. In this case it's user-assisted. so this is B2, unless I missed something. glsa request filed. falco@gentoo.org 2007-10-07 22:20:19 0000 GLSA 200710-07, sorry for the late rbu@gentoo.org 2007-10-20 23:44:21 0000 CVE-2007-4851 was rejected as a duplicate of CVE-2007-5137.