Summary
The remote host is missing an update to tk8.4
announced via advisory DSA 1415-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201415-1
Insight
It was discovered that Tk, a cross-platform graphical toolkit for Tcl performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in version 8.4.12-1etch1.
For the old stable distribution (sarge), this problem has been fixed in version 8.4.9-1sarge1.
We recommend that you upgrade your tk8.4 packages. Updated packages for
Severity
Classification
-
CVE CVE-2007-5378 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities