Referenced CVEs:
CVE-2008-0553
Description:
===========================================================Ubuntu Security Notice USN-664-1 November 06, 2008tk8.0, tk8.3, tk8.4 vulnerabilityCVE-2008-0553===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: tk8.0 8.0.5-11ubuntu0.1 tk8.3 8.3.5-4ubuntu1.2 tk8.4 8.4.12-0ubuntu1.2Ubuntu 7.10: tk8.3 8.3.5-6ubuntu3.1 tk8.4 8.4.15-1ubuntu1.1Ubuntu 8.04 LTS: tk8.4 8.4.16-2ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that Tk could be made to overrun a buffer when loadingcertain images. If a user were tricked into opening a specially craftedGIF image, remote attackers could cause a denial of service or executearbitrary code with user privileges.