[ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:059
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tcl
Date : March 5, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A flaw in the Tcl regular expression handling engine was originally
discovered by Will Drewry in the PostgreSQL database server's Tcl
regular expression engine. This flaw can result in an infinite loop
when processing certain regular expressions.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
bde7e57d9dc7d568c0390ba3db4b5a3c
2007.0/i586/libtcl8.4-8.4.13-1.1mdv2007.0.i586.rpm
d5a61fcda52e37a15c19e7d5c068656e
2007.0/i586/libtcl8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
b243426d0d7f8d0a10ba70651feaef03 2007.0/i586/tcl-8.4.13-1.1mdv2007.0.i586.rpm
4f287e93256eaf7c84a0448ef2008020 2007.0/SRPMS/tcl-8.4.13-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
fa6beda37d3eaf2200e3b30af08751e9
2007.0/x86_64/lib64tcl8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
46aa8b711feb915543ae2191da82bd01
2007.0/x86_64/lib64tcl8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
105fc5f39986cc6db6b4adb068baf425
2007.0/x86_64/tcl-8.4.13-1.1mdv2007.0.x86_64.rpm
4f287e93256eaf7c84a0448ef2008020 2007.0/SRPMS/tcl-8.4.13-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
5d5648b2bb457b157e1c30329f9891c7
2007.1/i586/libtcl8.4-8.4.14-1.1mdv2007.1.i586.rpm
a98f64c60b59d32e54baf01275c85cbf
2007.1/i586/libtcl8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
62b8899728974799108afe5a5c39b34a 2007.1/i586/tcl-8.4.14-1.1mdv2007.1.i586.rpm
569e9de9c684040893255a5800b49037 2007.1/SRPMS/tcl-8.4.14-1.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
817d49b898cc17e360141894c922e6cd
2007.1/x86_64/lib64tcl8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
4b277a29b3c41b37010e7c10f9644f7f
2007.1/x86_64/lib64tcl8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
70bbb7e664ec0fd8636faf6734e205a3
2007.1/x86_64/tcl-8.4.14-1.1mdv2007.1.x86_64.rpm
569e9de9c684040893255a5800b49037 2007.1/SRPMS/tcl-8.4.14-1.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
b474df935ae9405261886dc3983876e7
2008.0/i586/libtcl-devel-8.5a6-4.1mdv2008.0.i586.rpm
6e675eb728a9e61b139b1084fd451298
2008.0/i586/libtcl8.5-8.5a6-4.1mdv2008.0.i586.rpm
50111e483a4d70a7522038532f583e7d 2008.0/i586/tcl-8.5a6-4.1mdv2008.0.i586.rpm
42741c6d8cd19fb3907ceb97d934a6f6 2008.0/SRPMS/tcl-8.5a6-4.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
72982af24a4ed7c44ec46f8f4b593dee
2008.0/x86_64/lib64tcl-devel-8.5a6-4.1mdv2008.0.x86_64.rpm
3acb0a9ebc9aab51b6ff23d316721518
2008.0/x86_64/lib64tcl8.5-8.5a6-4.1mdv2008.0.x86_64.rpm
35a0827df193416c3ea6400309b4ae30
2008.0/x86_64/tcl-8.5a6-4.1mdv2008.0.x86_64.rpm
42741c6d8cd19fb3907ceb97d934a6f6 2008.0/SRPMS/tcl-8.5a6-4.1mdv2008.0.src.rpm
Corporate 3.0:
45c8fbd95bebbad1b23f8bb2b15abe31
corporate/3.0/i586/expect-8.4.5-3.3.C30mdk.i586.rpm
a45706ad62f18aa9a9ee532ece27349f
corporate/3.0/i586/itcl-8.4.5-3.3.C30mdk.i586.rpm
f448c6df20f64d967bf51cfc89139c61
corporate/3.0/i586/tcl-8.4.5-3.3.C30mdk.i586.rpm
508f120b23e7de9f91e68b6416360c57
corporate/3.0/i586/tcllib-8.4.5-3.3.C30mdk.i586.rpm
78a9d355932b0584734f927bf0bd21cb
corporate/3.0/i586/tclx-8.4.5-3.3.C30mdk.i586.rpm
dc15072dc76732f54e7effc67aa506e9
corporate/3.0/i586/tix-8.4.5-3.3.C30mdk.i586.rpm
1ad401d437998a447f8767eac0ed3f64
corporate/3.0/i586/tk-8.4.5-3.3.C30mdk.i586.rpm
aca59d9916edfbf607b42a089c4e51f5
corporate/3.0/SRPMS/tcltk-8.4.5-3.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
ab9dcf95b516f63779a48fa5da217e2c
corporate/3.0/x86_64/expect-8.4.5-3.3.C30mdk.x86_64.rpm
ccf0b17e73baed1a5597698501d4e16c
corporate/3.0/x86_64/itcl-8.4.5-3.3.C30mdk.x86_64.rpm
7004fe82ceadb690a1c537dfffa8a602
corporate/3.0/x86_64/tcl-8.4.5-3.3.C30mdk.x86_64.rpm
8082288dd36eefe4f59f288636d86f52
corporate/3.0/x86_64/tcllib-8.4.5-3.3.C30mdk.x86_64.rpm
0d535ba37b8521ba2aed9ef62597b91f
corporate/3.0/x86_64/tclx-8.4.5-3.3.C30mdk.x86_64.rpm
8eb5591457bdac01a6ebd5946bedbae2
corporate/3.0/x86_64/tix-8.4.5-3.3.C30mdk.x86_64.rpm
73d05959408f8daba243008033d1214c
corporate/3.0/x86_64/tk-8.4.5-3.3.C30mdk.x86_64.rpm
aca59d9916edfbf607b42a089c4e51f5
corporate/3.0/SRPMS/tcltk-8.4.5-3.3.C30mdk.src.rpm
Corporate 4.0:
5a24c2fa2c3ef75bf5a6a9c8e8d9fde4
corporate/4.0/i586/expect-8.4.11-1.3.20060mlcs4.i586.rpm
2f76f932af5019692972d3fe8cbe942b
corporate/4.0/i586/itcl-8.4.11-1.3.20060mlcs4.i586.rpm
059e9d9563b405543ccec50b92fa49e3
corporate/4.0/i586/iwidgets-8.4.11-1.3.20060mlcs4.i586.rpm
014aeb9e3dc0e3899fa4b5b5d8c7c704
corporate/4.0/i586/libtcl8.4-8.4.11-1.3.20060mlcs4.i586.rpm
b35a6907bd77090e61fec7d65bbcf80a
corporate/4.0/i586/libtk8.4-8.4.11-1.3.20060mlcs4.i586.rpm
01ca6961c52b0f1739a6aba00be421ea
corporate/4.0/i586/tcl-8.4.11-1.3.20060mlcs4.i586.rpm
db164a6464887403276021736452643c
corporate/4.0/i586/tcllib-8.4.11-1.3.20060mlcs4.i586.rpm
cf1c172d676d667dcd6c3b78e116fb2a
corporate/4.0/i586/tclx-8.4.11-1.3.20060mlcs4.i586.rpm
80688ec696067190d438844dd1c1ebd4
corporate/4.0/i586/tix-8.4.11-1.3.20060mlcs4.i586.rpm
03dd827528301f02038d3696c36f1f86
corporate/4.0/i586/tk-8.4.11-1.3.20060mlcs4.i586.rpm
07140ab293a0f8bbd2e85bd89b489fd5
corporate/4.0/SRPMS/tcltk-8.4.11-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
232612b1f9135e5234bff7df706ab1df
corporate/4.0/x86_64/expect-8.4.11-1.3.20060mlcs4.x86_64.rpm
078c7030c223c97d6ab8541452b63753
corporate/4.0/x86_64/itcl-8.4.11-1.3.20060mlcs4.x86_64.rpm
3ba3e8b7c99c760bc3a08a03132291e3
corporate/4.0/x86_64/iwidgets-8.4.11-1.3.20060mlcs4.x86_64.rpm
bb86132cbefd68b96aa124ecb89f672c
corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.3.20060mlcs4.x86_64.rpm
868ea1ba1a40899c20e7ccfb49683dfd
corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.3.20060mlcs4.x86_64.rpm
e508a95776eb6df6173a696f4db57871
corporate/4.0/x86_64/tcl-8.4.11-1.3.20060mlcs4.x86_64.rpm
97a832f2d7ca0fe9a9784d2ed9800533
corporate/4.0/x86_64/tcllib-8.4.11-1.3.20060mlcs4.x86_64.rpm
1829edd678990445ddf160f1ba7953d3
corporate/4.0/x86_64/tclx-8.4.11-1.3.20060mlcs4.x86_64.rpm
16851058602125ff6b2a34ca0732ffb9
corporate/4.0/x86_64/tix-8.4.11-1.3.20060mlcs4.x86_64.rpm
094fb75804cd0458f073c41561f3b0e7
corporate/4.0/x86_64/tk-8.4.11-1.3.20060mlcs4.x86_64.rpm
07140ab293a0f8bbd2e85bd89b489fd5
corporate/4.0/SRPMS/tcltk-8.4.11-1.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHzu0hmqjQ0CJFipgRAu/NAJ9HlV2actdS3759zWv52I2E0WXfmACfZ2qG
ECG/JHPiF9WC6uUiU76BKpw=
=g0B/
-----END PGP SIGNATURE-----