ID de Prueba:	1.3.6.1.4.1.25623.1.0.60706
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0135
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0135. Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553) A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378) All users are advised to upgrade to these updated packages which contain a backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0135.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0553 BugTraq ID: 27655 http://www.securityfocus.com/bid/27655 Bugtraq: 20080212 rPSA-2008-0054-1 tk (Google Search) http://www.securityfocus.com/archive/1/488069/100/0/threaded Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search) http://www.securityfocus.com/archive/1/493080/100/0/threaded Debian Security Information: DSA-1490 (Google Search) http://www.debian.org/security/2008/dsa-1490 Debian Security Information: DSA-1491 (Google Search) http://www.debian.org/security/2008/dsa-1491 Debian Security Information: DSA-1598 (Google Search) http://www.debian.org/security/2008/dsa-1598 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098 http://www.redhat.com/support/errata/RHSA-2008-0134.html http://www.redhat.com/support/errata/RHSA-2008-0135.html http://www.redhat.com/support/errata/RHSA-2008-0136.html http://securitytracker.com/id?1019309 http://secunia.com/advisories/28784 http://secunia.com/advisories/28807 http://secunia.com/advisories/28848 http://secunia.com/advisories/28857 http://secunia.com/advisories/28867 http://secunia.com/advisories/28954 http://secunia.com/advisories/29069 http://secunia.com/advisories/29070 http://secunia.com/advisories/29622 http://secunia.com/advisories/30129 http://secunia.com/advisories/30188 http://secunia.com/advisories/30535 http://secunia.com/advisories/30717 http://secunia.com/advisories/30783 http://secunia.com/advisories/32608 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 SuSE Security Announcement: SUSE-SR:2008:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html SuSE Security Announcement: SUSE-SR:2008:013 (Google Search) http://www.novell.com/linux/security/advisories/2008_13_sr.html http://ubuntu.com/usn/usn-664-1 http://www.vupen.com/english/advisories/2008/0430 http://www.vupen.com/english/advisories/2008/1456/references http://www.vupen.com/english/advisories/2008/1744 Common Vulnerability Exposure (CVE) ID: CVE-2007-5378 BugTraq ID: 26056 http://www.securityfocus.com/bid/26056 Debian Security Information: DSA-1415 (Google Search) http://www.debian.org/security/2007/dsa-1415 Debian Security Information: DSA-1416 (Google Search) http://www.debian.org/security/2007/dsa-1416 Debian Security Information: DSA-1743 (Google Search) http://www.debian.org/security/2009/dsa-1743 http://www.mandriva.com/security/advisories?name=MDKSA-2007:200 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9480 http://secunia.com/advisories/27207 http://secunia.com/advisories/27295 http://secunia.com/advisories/27801 http://secunia.com/advisories/27806 http://secunia.com/advisories/34297 http://www.ubuntu.com/usn/usn-529-1 http://www.attrition.org/pipermail/vim/2007-October/001826.html XForce ISS Database: tktoolkit-filereadgif-dos(37189) https://exchange.xforce.ibmcloud.com/vulnerabilities/37189
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.