Debian DSA-1415-1 : tk8.4 - buffer overflow
Medium Nessus Plugin ID 28338
SynopsisThe remote Debian host is missing a security-related update.
DescriptionIt was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
SolutionUpgrade the tk8.4 packages. Updated packages for sparc will be provided later.
For the old stable distribution (sarge), this problem has been fixed in version 8.4.9-1sarge1.
For the stable distribution (etch), this problem has been fixed in version 8.4.12-1etch1.