Test ID:	1.3.6.1.4.1.25623.1.0.60326
Category:	Fedora Local Security Checks
Title:	Fedora Core 8 FEDORA-2008-1323 (perl-Tk)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to perl-Tk announced via advisory FEDORA-2008-1323. This a re-port of a perl interface to Tk8.4. C code is derived from Tcl/Tk8.4.5. It also includes all the C code parts of Tix8.1.4 from SourceForge. The perl code corresponding to Tix's Tcl code is not fully implemented. Perl API is essentially the same as Tk800 series Tk800.025 but has not been verified as compliant. There ARE differences see pod/804delta.pod. ChangeLog: * Tue Feb 5 2008 Andreas Bierfert - 804.028-3 - fix #431529 gif overflow in tk (see also #431518) References: [ 1 ] Bug #431518 - CVE-2008-0553 tk: GIF handling buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=431518 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update perl-Tk' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-1323 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0553 BugTraq ID: 27655 http://www.securityfocus.com/bid/27655 Bugtraq: 20080212 rPSA-2008-0054-1 tk (Google Search) http://www.securityfocus.com/archive/1/488069/100/0/threaded Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search) http://www.securityfocus.com/archive/1/493080/100/0/threaded Debian Security Information: DSA-1490 (Google Search) http://www.debian.org/security/2008/dsa-1490 Debian Security Information: DSA-1491 (Google Search) http://www.debian.org/security/2008/dsa-1491 Debian Security Information: DSA-1598 (Google Search) http://www.debian.org/security/2008/dsa-1598 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098 http://www.redhat.com/support/errata/RHSA-2008-0134.html http://www.redhat.com/support/errata/RHSA-2008-0135.html http://www.redhat.com/support/errata/RHSA-2008-0136.html http://securitytracker.com/id?1019309 http://secunia.com/advisories/28784 http://secunia.com/advisories/28807 http://secunia.com/advisories/28848 http://secunia.com/advisories/28857 http://secunia.com/advisories/28867 http://secunia.com/advisories/28954 http://secunia.com/advisories/29069 http://secunia.com/advisories/29070 http://secunia.com/advisories/29622 http://secunia.com/advisories/30129 http://secunia.com/advisories/30188 http://secunia.com/advisories/30535 http://secunia.com/advisories/30717 http://secunia.com/advisories/30783 http://secunia.com/advisories/32608 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 SuSE Security Announcement: SUSE-SR:2008:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html SuSE Security Announcement: SUSE-SR:2008:013 (Google Search) http://www.novell.com/linux/security/advisories/2008_13_sr.html http://ubuntu.com/usn/usn-664-1 http://www.vupen.com/english/advisories/2008/0430 http://www.vupen.com/english/advisories/2008/1456/references http://www.vupen.com/english/advisories/2008/1744
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.