Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 192539 - dev-lang/tk < 8.4.15-r1 GIF ReadImage() Buffer overflow vulnerability (CVE-2007-5137)
Summary: dev-lang/tk < 8.4.15-r1 GIF ReadImage() Buffer overflow vulnerability (CVE-20...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-09-14 19:26 UTC by Robert Buchholz (RETIRED)
Modified: 2008-01-10 08:42 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-09-14 19:26:26 UTC
According to RedHat:
  Reinhard Max discovered a buffer overflow flaw in the way Tk's GIF
  processor handles an interlaced GIF with two frames.  It is possible
  to overflow a buffer if the second frame is smaller than the first.
  The fix can be found here:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.36&r2=1.37
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-09-14 19:33:32 UTC
Whiteboard and cc'ing maintainers.

tcltk, please provide updated ebuilds with the patch applied.
Comment 2 MATSUU Takuto (RETIRED) gentoo-dev 2007-09-16 02:29:07 UTC
dev-lang/tk-8.4.15-r1
dev-lang/tk-8.5_alpha6-r1
in cvs.
=dev-lang/tk-8.5* is masked so please mark stable tk-8.4.15-r1
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-09-16 04:11:26 UTC
Thanks, Matsuu. Arches, please go for dev-lang/tk-8.4.15-r1.
Targets are: "alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86"
Comment 4 Jeroen Roovers gentoo-dev 2007-09-16 07:29:26 UTC
Stable for HPPA.
Comment 5 Markus Meier gentoo-dev 2007-09-16 10:13:55 UTC
x86 stable
Comment 6 Christoph Mende (RETIRED) gentoo-dev 2007-09-16 14:57:22 UTC
amd64 stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2007-09-17 10:07:01 UTC
alpha/ia64 stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2007-09-17 17:38:48 UTC
ppc stable
Comment 9 Tiago Cunha (RETIRED) gentoo-dev 2007-09-19 04:11:08 UTC
dev-lang/tk-8.4.15-r1  USE="-debug -threads"

1. Emerges on SPARC.
2. No collisions.
3. No test phase.
4. Works - tested with the rdeps app-text/tkinfo, app-text/tkman, dev-tcltk/tkdiff, dev-tcltk/tkTheme, net-im/tkabber, and with the files inside the test/ directory.

Portage 2.1.3.9 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.5-r4, 2.6.22-gentoo-r5 sparc64)
=================================================================
System uname: 2.6.22-gentoo-r5 sparc64 sun4u
Timestamp of tree: Tue, 18 Sep 2007 20:50:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="sparc"
CBUILD="sparc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=ultrasparc -pipe"
CHOST="sparc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/init.d /etc/pam.d /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -mcpu=ultrasparc -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="-k"
FEATURES="ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="ftp://mirrors1.netvisao.pt/gentoo http://darkstar.ist.utl.pt/pub/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X acl bash-completion bitmap-fonts branding bzip2 cli cracklib crypt dri fortran gdbm gif gnome gtk hal iconv ipv6 isdnlog jpeg midi mudflap ncurses nptl nptlonly offensive opengl openmp pam pcre perl png postgres ppds pppd python readline reflection session sparc spl ssl svg tcpd test tiff truetype truetype-fonts type1-fonts xml xorg xv zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="sunffb"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 10 Brent Baude (RETIRED) gentoo-dev 2007-09-20 21:04:39 UTC
ppc64 stable
Comment 11 Ferris McCormick (RETIRED) gentoo-dev 2007-09-23 01:21:23 UTC
Sparc stable.
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2007-09-23 08:43:36 UTC
Ready for glsa decision.
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-25 09:50:21 UTC
generally speaking, buffer overflow means possible code exec. In this case it's user-assisted. so this is B2, unless I missed something.
glsa request filed.
Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-10-07 22:20:19 UTC
GLSA 200710-07, sorry for the late
Comment 15 Robert Buchholz (RETIRED) gentoo-dev 2007-10-20 23:44:21 UTC
CVE-2007-4851 was rejected as a duplicate of CVE-2007-5137.