This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated tk packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
Tk is a graphical toolkit for the Tcl scripting language.
An input validation flaw was discovered in Tk's GIF image handling. A
code-size value read from a GIF image was not properly validated
before being used, leading to a buffer overflow. A specially crafted
GIF file could use this to cause a crash or, potentially, execute code
with the privileges of the application using the Tk graphical toolkit.
A buffer overflow flaw was discovered in Tk's animated GIF image
handling. An animated GIF containing an initial image smaller than
subsequent images could cause a crash or, potentially, execute code
with the privileges of the application using the Tk library.
All users are advised to upgrade to these updated packages which
contain a backported patches to resolve these issues.
See also :
Update the affected tk and / or tk-devel packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false