Debian DSA-1416-1 : tk8.3 - buffer overflow
Medium Nessus Plugin ID 28339
SynopsisThe remote Debian host is missing a security-related update.
DescriptionIt was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
Due to the technical limitation in the Debian archive scripts the update for the old stable distribution (sarge) cannot be released in sync with the update for the stable distribution. It will be provided in the next days.
SolutionUpgrade the tk8.3 packages.
For the stable distribution (etch), this problem has been fixed in version 8.3.5-6etch1.