Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60705
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0134
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0134.

Tcl is a scripting language designed for embedding into other applications
and for use with Tk, a widget set.

An input validation flaw was discovered in Tk's GIF image handling. A
code-size value read from a GIF image was not properly validated before
being used, leading to a buffer overflow. A specially crafted GIF file
could use this to cause a crash or, potentially, execute code with the
privileges of the application using the Tk graphical toolkit.
(CVE-2008-0553)

A buffer overflow flaw was discovered in Tk's animated GIF image handling.
An animated GIF containing an initial image smaller than subsequent images
could cause a crash or, potentially, execute code with the privileges of
the application using the Tk library. (CVE-2007-5378)

A flaw in the Tcl regular expression handling engine was discovered by Will
Drewry. This flaw, first discovered in the Tcl regular expression engine
used in the PostgreSQL database server, resulted in an infinite loop when
processing certain regular expressions. (CVE-2007-4772)

All users are advised to upgrade to these updated packages which contain
backported patches which resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0134.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0553
BugTraq ID: 27655
http://www.securityfocus.com/bid/27655
Bugtraq: 20080212 rPSA-2008-0054-1 tk (Google Search)
http://www.securityfocus.com/archive/1/488069/100/0/threaded
Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search)
http://www.securityfocus.com/archive/1/493080/100/0/threaded
Debian Security Information: DSA-1490 (Google Search)
http://www.debian.org/security/2008/dsa-1490
Debian Security Information: DSA-1491 (Google Search)
http://www.debian.org/security/2008/dsa-1491
Debian Security Information: DSA-1598 (Google Search)
http://www.debian.org/security/2008/dsa-1598
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098
http://www.redhat.com/support/errata/RHSA-2008-0134.html
http://www.redhat.com/support/errata/RHSA-2008-0135.html
http://www.redhat.com/support/errata/RHSA-2008-0136.html
http://securitytracker.com/id?1019309
http://secunia.com/advisories/28784
http://secunia.com/advisories/28807
http://secunia.com/advisories/28848
http://secunia.com/advisories/28857
http://secunia.com/advisories/28867
http://secunia.com/advisories/28954
http://secunia.com/advisories/29069
http://secunia.com/advisories/29070
http://secunia.com/advisories/29622
http://secunia.com/advisories/30129
http://secunia.com/advisories/30188
http://secunia.com/advisories/30535
http://secunia.com/advisories/30717
http://secunia.com/advisories/30783
http://secunia.com/advisories/32608
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1
SuSE Security Announcement: SUSE-SR:2008:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
SuSE Security Announcement: SUSE-SR:2008:013 (Google Search)
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://ubuntu.com/usn/usn-664-1
http://www.vupen.com/english/advisories/2008/0430
http://www.vupen.com/english/advisories/2008/1456/references
http://www.vupen.com/english/advisories/2008/1744
Common Vulnerability Exposure (CVE) ID: CVE-2007-5378
BugTraq ID: 26056
http://www.securityfocus.com/bid/26056
Debian Security Information: DSA-1415 (Google Search)
http://www.debian.org/security/2007/dsa-1415
Debian Security Information: DSA-1416 (Google Search)
http://www.debian.org/security/2007/dsa-1416
Debian Security Information: DSA-1743 (Google Search)
http://www.debian.org/security/2009/dsa-1743
http://www.mandriva.com/security/advisories?name=MDKSA-2007:200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9480
http://secunia.com/advisories/27207
http://secunia.com/advisories/27295
http://secunia.com/advisories/27801
http://secunia.com/advisories/27806
http://secunia.com/advisories/34297
http://www.ubuntu.com/usn/usn-529-1
http://www.attrition.org/pipermail/vim/2007-October/001826.html
XForce ISS Database: tktoolkit-filereadgif-dos(37189)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37189
Common Vulnerability Exposure (CVE) ID: CVE-2007-4772
BugTraq ID: 27163
http://www.securityfocus.com/bid/27163
Bugtraq: 20080107 PostgreSQL 2007-01-07 Cumulative Security Release (Google Search)
http://www.securityfocus.com/archive/1/485864/100/0/threaded
Bugtraq: 20080115 rPSA-2008-0016-1 postgresql postgresql-server (Google Search)
http://www.securityfocus.com/archive/1/486407/100/0/threaded
Debian Security Information: DSA-1460 (Google Search)
http://www.debian.org/security/2008/dsa-1460
Debian Security Information: DSA-1463 (Google Search)
http://www.debian.org/security/2008/dsa-1463
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
http://security.gentoo.org/glsa/glsa-200801-15.xml
HPdes Security Advisory: HPSBTU02325
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
HPdes Security Advisory: SSRT080006
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
http://www.mandriva.com/security/advisories?name=MDVSA-2008:059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
RedHat Security Advisories: RHSA-2013:0122
http://rhn.redhat.com/errata/RHSA-2013-0122.html
http://securitytracker.com/id?1019157
http://secunia.com/advisories/28359
http://secunia.com/advisories/28376
http://secunia.com/advisories/28437
http://secunia.com/advisories/28438
http://secunia.com/advisories/28454
http://secunia.com/advisories/28455
http://secunia.com/advisories/28464
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
http://secunia.com/advisories/28679
http://secunia.com/advisories/28698
http://secunia.com/advisories/29248
http://secunia.com/advisories/29638
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
SuSE Security Announcement: SUSE-SA:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
SuSE Security Announcement: SUSE-SU-2016:0539 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
SuSE Security Announcement: SUSE-SU-2016:0555 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
SuSE Security Announcement: SUSE-SU-2016:0677 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
SuSE Security Announcement: openSUSE-SU-2016:0531 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
SuSE Security Announcement: openSUSE-SU-2016:0578 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
https://usn.ubuntu.com/568-1/
http://www.vupen.com/english/advisories/2008/0061
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/1071/references
XForce ISS Database: postgresql-regular-expression-dos(39497)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39497
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.