[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JX1jC-00062Z-9V@artemis.annvix.ca>
Date: Wed, 05 Mar 2008 15:04:46 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2008:059 ] - Updated tcl packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:059
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tcl
Date : March 5, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A flaw in the Tcl regular expression handling engine was originally
discovered by Will Drewry in the PostgreSQL database server's Tcl
regular expression engine. This flaw can result in an infinite loop
when processing certain regular expressions.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
bde7e57d9dc7d568c0390ba3db4b5a3c 2007.0/i586/libtcl8.4-8.4.13-1.1mdv2007.0.i586.rpm
d5a61fcda52e37a15c19e7d5c068656e 2007.0/i586/libtcl8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm
b243426d0d7f8d0a10ba70651feaef03 2007.0/i586/tcl-8.4.13-1.1mdv2007.0.i586.rpm
4f287e93256eaf7c84a0448ef2008020 2007.0/SRPMS/tcl-8.4.13-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
fa6beda37d3eaf2200e3b30af08751e9 2007.0/x86_64/lib64tcl8.4-8.4.13-1.1mdv2007.0.x86_64.rpm
46aa8b711feb915543ae2191da82bd01 2007.0/x86_64/lib64tcl8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm
105fc5f39986cc6db6b4adb068baf425 2007.0/x86_64/tcl-8.4.13-1.1mdv2007.0.x86_64.rpm
4f287e93256eaf7c84a0448ef2008020 2007.0/SRPMS/tcl-8.4.13-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
5d5648b2bb457b157e1c30329f9891c7 2007.1/i586/libtcl8.4-8.4.14-1.1mdv2007.1.i586.rpm
a98f64c60b59d32e54baf01275c85cbf 2007.1/i586/libtcl8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm
62b8899728974799108afe5a5c39b34a 2007.1/i586/tcl-8.4.14-1.1mdv2007.1.i586.rpm
569e9de9c684040893255a5800b49037 2007.1/SRPMS/tcl-8.4.14-1.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
817d49b898cc17e360141894c922e6cd 2007.1/x86_64/lib64tcl8.4-8.4.14-1.1mdv2007.1.x86_64.rpm
4b277a29b3c41b37010e7c10f9644f7f 2007.1/x86_64/lib64tcl8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm
70bbb7e664ec0fd8636faf6734e205a3 2007.1/x86_64/tcl-8.4.14-1.1mdv2007.1.x86_64.rpm
569e9de9c684040893255a5800b49037 2007.1/SRPMS/tcl-8.4.14-1.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
b474df935ae9405261886dc3983876e7 2008.0/i586/libtcl-devel-8.5a6-4.1mdv2008.0.i586.rpm
6e675eb728a9e61b139b1084fd451298 2008.0/i586/libtcl8.5-8.5a6-4.1mdv2008.0.i586.rpm
50111e483a4d70a7522038532f583e7d 2008.0/i586/tcl-8.5a6-4.1mdv2008.0.i586.rpm
42741c6d8cd19fb3907ceb97d934a6f6 2008.0/SRPMS/tcl-8.5a6-4.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
72982af24a4ed7c44ec46f8f4b593dee 2008.0/x86_64/lib64tcl-devel-8.5a6-4.1mdv2008.0.x86_64.rpm
3acb0a9ebc9aab51b6ff23d316721518 2008.0/x86_64/lib64tcl8.5-8.5a6-4.1mdv2008.0.x86_64.rpm
35a0827df193416c3ea6400309b4ae30 2008.0/x86_64/tcl-8.5a6-4.1mdv2008.0.x86_64.rpm
42741c6d8cd19fb3907ceb97d934a6f6 2008.0/SRPMS/tcl-8.5a6-4.1mdv2008.0.src.rpm
Corporate 3.0:
45c8fbd95bebbad1b23f8bb2b15abe31 corporate/3.0/i586/expect-8.4.5-3.3.C30mdk.i586.rpm
a45706ad62f18aa9a9ee532ece27349f corporate/3.0/i586/itcl-8.4.5-3.3.C30mdk.i586.rpm
f448c6df20f64d967bf51cfc89139c61 corporate/3.0/i586/tcl-8.4.5-3.3.C30mdk.i586.rpm
508f120b23e7de9f91e68b6416360c57 corporate/3.0/i586/tcllib-8.4.5-3.3.C30mdk.i586.rpm
78a9d355932b0584734f927bf0bd21cb corporate/3.0/i586/tclx-8.4.5-3.3.C30mdk.i586.rpm
dc15072dc76732f54e7effc67aa506e9 corporate/3.0/i586/tix-8.4.5-3.3.C30mdk.i586.rpm
1ad401d437998a447f8767eac0ed3f64 corporate/3.0/i586/tk-8.4.5-3.3.C30mdk.i586.rpm
aca59d9916edfbf607b42a089c4e51f5 corporate/3.0/SRPMS/tcltk-8.4.5-3.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
ab9dcf95b516f63779a48fa5da217e2c corporate/3.0/x86_64/expect-8.4.5-3.3.C30mdk.x86_64.rpm
ccf0b17e73baed1a5597698501d4e16c corporate/3.0/x86_64/itcl-8.4.5-3.3.C30mdk.x86_64.rpm
7004fe82ceadb690a1c537dfffa8a602 corporate/3.0/x86_64/tcl-8.4.5-3.3.C30mdk.x86_64.rpm
8082288dd36eefe4f59f288636d86f52 corporate/3.0/x86_64/tcllib-8.4.5-3.3.C30mdk.x86_64.rpm
0d535ba37b8521ba2aed9ef62597b91f corporate/3.0/x86_64/tclx-8.4.5-3.3.C30mdk.x86_64.rpm
8eb5591457bdac01a6ebd5946bedbae2 corporate/3.0/x86_64/tix-8.4.5-3.3.C30mdk.x86_64.rpm
73d05959408f8daba243008033d1214c corporate/3.0/x86_64/tk-8.4.5-3.3.C30mdk.x86_64.rpm
aca59d9916edfbf607b42a089c4e51f5 corporate/3.0/SRPMS/tcltk-8.4.5-3.3.C30mdk.src.rpm
Corporate 4.0:
5a24c2fa2c3ef75bf5a6a9c8e8d9fde4 corporate/4.0/i586/expect-8.4.11-1.3.20060mlcs4.i586.rpm
2f76f932af5019692972d3fe8cbe942b corporate/4.0/i586/itcl-8.4.11-1.3.20060mlcs4.i586.rpm
059e9d9563b405543ccec50b92fa49e3 corporate/4.0/i586/iwidgets-8.4.11-1.3.20060mlcs4.i586.rpm
014aeb9e3dc0e3899fa4b5b5d8c7c704 corporate/4.0/i586/libtcl8.4-8.4.11-1.3.20060mlcs4.i586.rpm
b35a6907bd77090e61fec7d65bbcf80a corporate/4.0/i586/libtk8.4-8.4.11-1.3.20060mlcs4.i586.rpm
01ca6961c52b0f1739a6aba00be421ea corporate/4.0/i586/tcl-8.4.11-1.3.20060mlcs4.i586.rpm
db164a6464887403276021736452643c corporate/4.0/i586/tcllib-8.4.11-1.3.20060mlcs4.i586.rpm
cf1c172d676d667dcd6c3b78e116fb2a corporate/4.0/i586/tclx-8.4.11-1.3.20060mlcs4.i586.rpm
80688ec696067190d438844dd1c1ebd4 corporate/4.0/i586/tix-8.4.11-1.3.20060mlcs4.i586.rpm
03dd827528301f02038d3696c36f1f86 corporate/4.0/i586/tk-8.4.11-1.3.20060mlcs4.i586.rpm
07140ab293a0f8bbd2e85bd89b489fd5 corporate/4.0/SRPMS/tcltk-8.4.11-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
232612b1f9135e5234bff7df706ab1df corporate/4.0/x86_64/expect-8.4.11-1.3.20060mlcs4.x86_64.rpm
078c7030c223c97d6ab8541452b63753 corporate/4.0/x86_64/itcl-8.4.11-1.3.20060mlcs4.x86_64.rpm
3ba3e8b7c99c760bc3a08a03132291e3 corporate/4.0/x86_64/iwidgets-8.4.11-1.3.20060mlcs4.x86_64.rpm
bb86132cbefd68b96aa124ecb89f672c corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.3.20060mlcs4.x86_64.rpm
868ea1ba1a40899c20e7ccfb49683dfd corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.3.20060mlcs4.x86_64.rpm
e508a95776eb6df6173a696f4db57871 corporate/4.0/x86_64/tcl-8.4.11-1.3.20060mlcs4.x86_64.rpm
97a832f2d7ca0fe9a9784d2ed9800533 corporate/4.0/x86_64/tcllib-8.4.11-1.3.20060mlcs4.x86_64.rpm
1829edd678990445ddf160f1ba7953d3 corporate/4.0/x86_64/tclx-8.4.11-1.3.20060mlcs4.x86_64.rpm
16851058602125ff6b2a34ca0732ffb9 corporate/4.0/x86_64/tix-8.4.11-1.3.20060mlcs4.x86_64.rpm
094fb75804cd0458f073c41561f3b0e7 corporate/4.0/x86_64/tk-8.4.11-1.3.20060mlcs4.x86_64.rpm
07140ab293a0f8bbd2e85bd89b489fd5 corporate/4.0/SRPMS/tcltk-8.4.11-1.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHzu0hmqjQ0CJFipgRAu/NAJ9HlV2actdS3759zWv52I2E0WXfmACfZ2qG
ECG/JHPiF9WC6uUiU76BKpw=
=g0B/
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists