lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JX1jC-00062Z-9V@artemis.annvix.ca>
Date: Wed, 05 Mar 2008 15:04:46 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:059
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tcl
 Date    : March 5, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw in the Tcl regular expression handling engine was originally
 discovered by Will Drewry in the PostgreSQL database server's Tcl
 regular expression engine.  This flaw can result in an infinite loop
 when processing certain regular expressions.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 bde7e57d9dc7d568c0390ba3db4b5a3c  2007.0/i586/libtcl8.4-8.4.13-1.1mdv2007.0.i586.rpm
 d5a61fcda52e37a15c19e7d5c068656e  2007.0/i586/libtcl8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
 b243426d0d7f8d0a10ba70651feaef03  2007.0/i586/tcl-8.4.13-1.1mdv2007.0.i586.rpm 
 4f287e93256eaf7c84a0448ef2008020  2007.0/SRPMS/tcl-8.4.13-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 fa6beda37d3eaf2200e3b30af08751e9  2007.0/x86_64/lib64tcl8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
 46aa8b711feb915543ae2191da82bd01  2007.0/x86_64/lib64tcl8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
 105fc5f39986cc6db6b4adb068baf425  2007.0/x86_64/tcl-8.4.13-1.1mdv2007.0.x86_64.rpm 
 4f287e93256eaf7c84a0448ef2008020  2007.0/SRPMS/tcl-8.4.13-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 5d5648b2bb457b157e1c30329f9891c7  2007.1/i586/libtcl8.4-8.4.14-1.1mdv2007.1.i586.rpm
 a98f64c60b59d32e54baf01275c85cbf  2007.1/i586/libtcl8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
 62b8899728974799108afe5a5c39b34a  2007.1/i586/tcl-8.4.14-1.1mdv2007.1.i586.rpm 
 569e9de9c684040893255a5800b49037  2007.1/SRPMS/tcl-8.4.14-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 817d49b898cc17e360141894c922e6cd  2007.1/x86_64/lib64tcl8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
 4b277a29b3c41b37010e7c10f9644f7f  2007.1/x86_64/lib64tcl8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
 70bbb7e664ec0fd8636faf6734e205a3  2007.1/x86_64/tcl-8.4.14-1.1mdv2007.1.x86_64.rpm 
 569e9de9c684040893255a5800b49037  2007.1/SRPMS/tcl-8.4.14-1.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 b474df935ae9405261886dc3983876e7  2008.0/i586/libtcl-devel-8.5a6-4.1mdv2008.0.i586.rpm
 6e675eb728a9e61b139b1084fd451298  2008.0/i586/libtcl8.5-8.5a6-4.1mdv2008.0.i586.rpm
 50111e483a4d70a7522038532f583e7d  2008.0/i586/tcl-8.5a6-4.1mdv2008.0.i586.rpm 
 42741c6d8cd19fb3907ceb97d934a6f6  2008.0/SRPMS/tcl-8.5a6-4.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 72982af24a4ed7c44ec46f8f4b593dee  2008.0/x86_64/lib64tcl-devel-8.5a6-4.1mdv2008.0.x86_64.rpm
 3acb0a9ebc9aab51b6ff23d316721518  2008.0/x86_64/lib64tcl8.5-8.5a6-4.1mdv2008.0.x86_64.rpm
 35a0827df193416c3ea6400309b4ae30  2008.0/x86_64/tcl-8.5a6-4.1mdv2008.0.x86_64.rpm 
 42741c6d8cd19fb3907ceb97d934a6f6  2008.0/SRPMS/tcl-8.5a6-4.1mdv2008.0.src.rpm

 Corporate 3.0:
 45c8fbd95bebbad1b23f8bb2b15abe31  corporate/3.0/i586/expect-8.4.5-3.3.C30mdk.i586.rpm
 a45706ad62f18aa9a9ee532ece27349f  corporate/3.0/i586/itcl-8.4.5-3.3.C30mdk.i586.rpm
 f448c6df20f64d967bf51cfc89139c61  corporate/3.0/i586/tcl-8.4.5-3.3.C30mdk.i586.rpm
 508f120b23e7de9f91e68b6416360c57  corporate/3.0/i586/tcllib-8.4.5-3.3.C30mdk.i586.rpm
 78a9d355932b0584734f927bf0bd21cb  corporate/3.0/i586/tclx-8.4.5-3.3.C30mdk.i586.rpm
 dc15072dc76732f54e7effc67aa506e9  corporate/3.0/i586/tix-8.4.5-3.3.C30mdk.i586.rpm
 1ad401d437998a447f8767eac0ed3f64  corporate/3.0/i586/tk-8.4.5-3.3.C30mdk.i586.rpm 
 aca59d9916edfbf607b42a089c4e51f5  corporate/3.0/SRPMS/tcltk-8.4.5-3.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 ab9dcf95b516f63779a48fa5da217e2c  corporate/3.0/x86_64/expect-8.4.5-3.3.C30mdk.x86_64.rpm
 ccf0b17e73baed1a5597698501d4e16c  corporate/3.0/x86_64/itcl-8.4.5-3.3.C30mdk.x86_64.rpm
 7004fe82ceadb690a1c537dfffa8a602  corporate/3.0/x86_64/tcl-8.4.5-3.3.C30mdk.x86_64.rpm
 8082288dd36eefe4f59f288636d86f52  corporate/3.0/x86_64/tcllib-8.4.5-3.3.C30mdk.x86_64.rpm
 0d535ba37b8521ba2aed9ef62597b91f  corporate/3.0/x86_64/tclx-8.4.5-3.3.C30mdk.x86_64.rpm
 8eb5591457bdac01a6ebd5946bedbae2  corporate/3.0/x86_64/tix-8.4.5-3.3.C30mdk.x86_64.rpm
 73d05959408f8daba243008033d1214c  corporate/3.0/x86_64/tk-8.4.5-3.3.C30mdk.x86_64.rpm 
 aca59d9916edfbf607b42a089c4e51f5  corporate/3.0/SRPMS/tcltk-8.4.5-3.3.C30mdk.src.rpm

 Corporate 4.0:
 5a24c2fa2c3ef75bf5a6a9c8e8d9fde4  corporate/4.0/i586/expect-8.4.11-1.3.20060mlcs4.i586.rpm
 2f76f932af5019692972d3fe8cbe942b  corporate/4.0/i586/itcl-8.4.11-1.3.20060mlcs4.i586.rpm
 059e9d9563b405543ccec50b92fa49e3  corporate/4.0/i586/iwidgets-8.4.11-1.3.20060mlcs4.i586.rpm
 014aeb9e3dc0e3899fa4b5b5d8c7c704  corporate/4.0/i586/libtcl8.4-8.4.11-1.3.20060mlcs4.i586.rpm
 b35a6907bd77090e61fec7d65bbcf80a  corporate/4.0/i586/libtk8.4-8.4.11-1.3.20060mlcs4.i586.rpm
 01ca6961c52b0f1739a6aba00be421ea  corporate/4.0/i586/tcl-8.4.11-1.3.20060mlcs4.i586.rpm
 db164a6464887403276021736452643c  corporate/4.0/i586/tcllib-8.4.11-1.3.20060mlcs4.i586.rpm
 cf1c172d676d667dcd6c3b78e116fb2a  corporate/4.0/i586/tclx-8.4.11-1.3.20060mlcs4.i586.rpm
 80688ec696067190d438844dd1c1ebd4  corporate/4.0/i586/tix-8.4.11-1.3.20060mlcs4.i586.rpm
 03dd827528301f02038d3696c36f1f86  corporate/4.0/i586/tk-8.4.11-1.3.20060mlcs4.i586.rpm 
 07140ab293a0f8bbd2e85bd89b489fd5  corporate/4.0/SRPMS/tcltk-8.4.11-1.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 232612b1f9135e5234bff7df706ab1df  corporate/4.0/x86_64/expect-8.4.11-1.3.20060mlcs4.x86_64.rpm
 078c7030c223c97d6ab8541452b63753  corporate/4.0/x86_64/itcl-8.4.11-1.3.20060mlcs4.x86_64.rpm
 3ba3e8b7c99c760bc3a08a03132291e3  corporate/4.0/x86_64/iwidgets-8.4.11-1.3.20060mlcs4.x86_64.rpm
 bb86132cbefd68b96aa124ecb89f672c  corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.3.20060mlcs4.x86_64.rpm
 868ea1ba1a40899c20e7ccfb49683dfd  corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.3.20060mlcs4.x86_64.rpm
 e508a95776eb6df6173a696f4db57871  corporate/4.0/x86_64/tcl-8.4.11-1.3.20060mlcs4.x86_64.rpm
 97a832f2d7ca0fe9a9784d2ed9800533  corporate/4.0/x86_64/tcllib-8.4.11-1.3.20060mlcs4.x86_64.rpm
 1829edd678990445ddf160f1ba7953d3  corporate/4.0/x86_64/tclx-8.4.11-1.3.20060mlcs4.x86_64.rpm
 16851058602125ff6b2a34ca0732ffb9  corporate/4.0/x86_64/tix-8.4.11-1.3.20060mlcs4.x86_64.rpm
 094fb75804cd0458f073c41561f3b0e7  corporate/4.0/x86_64/tk-8.4.11-1.3.20060mlcs4.x86_64.rpm 
 07140ab293a0f8bbd2e85bd89b489fd5  corporate/4.0/SRPMS/tcltk-8.4.11-1.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHzu0hmqjQ0CJFipgRAu/NAJ9HlV2actdS3759zWv52I2E0WXfmACfZ2qG
ECG/JHPiF9WC6uUiU76BKpw=
=g0B/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ