Security Advisory Moderate: tcl security and bug fix update

Advisory: RHSA-2013:0122-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-01-08
Last updated on: 2013-01-08
Affected Products: RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2007-4772, CVE-2007-6067

Details

Updated tcl packages that fix two security issues and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Tcl (Tool Command Language) provides a powerful platform for creating
integration applications that tie together diverse applications, protocols,
devices, and frameworks. When paired with the Tk toolkit, Tcl provides a
fast and powerful way to create cross-platform GUI applications.

Two denial of service flaws were found in the Tcl regular expression
handling engine. If Tcl or an application using Tcl processed a
specially-crafted regular expression, it would lead to excessive CPU and
memory consumption. (CVE-2007-4772, CVE-2007-6067)

This update also fixes the following bug:

* Due to a suboptimal implementation of threading in the current version of
the Tcl language interpreter, an attempt to use threads in combination with
fork in a Tcl script could cause the script to stop responding. Because it
is not currently possible to rewrite the source code or drop support for
threading entirely, this update provides a version of Tcl without threading
support in addition to the standard version with this support. Users who
need to use fork in their Tcl scripts and do not require threading can now
switch to the version without threading support by using the alternatives
command. (BZ#478961)

All users of Tcl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
tcl-8.4.13-6.el5.src.rpm

IA-32:
tcl-debuginfo-8.4.13-6.el5.i386.rpm
tcl-devel-8.4.13-6.el5.i386.rpm

x86_64:
tcl-debuginfo-8.4.13-6.el5.i386.rpm
tcl-debuginfo-8.4.13-6.el5.x86_64.rpm
tcl-devel-8.4.13-6.el5.i386.rpm
tcl-devel-8.4.13-6.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
tcl-8.4.13-6.el5.src.rpm

IA-32:
tcl-8.4.13-6.el5.i386.rpm
tcl-debuginfo-8.4.13-6.el5.i386.rpm
tcl-devel-8.4.13-6.el5.i386.rpm
tcl-html-8.4.13-6.el5.i386.rpm

IA-64:
tcl-8.4.13-6.el5.ia64.rpm
tcl-debuginfo-8.4.13-6.el5.ia64.rpm
tcl-devel-8.4.13-6.el5.ia64.rpm
tcl-html-8.4.13-6.el5.ia64.rpm

PPC:
tcl-8.4.13-6.el5.ppc.rpm
tcl-8.4.13-6.el5.ppc64.rpm
tcl-debuginfo-8.4.13-6.el5.ppc.rpm
tcl-debuginfo-8.4.13-6.el5.ppc64.rpm
tcl-devel-8.4.13-6.el5.ppc.rpm
tcl-devel-8.4.13-6.el5.ppc64.rpm
tcl-html-8.4.13-6.el5.ppc.rpm

s390x:
tcl-8.4.13-6.el5.s390.rpm
tcl-8.4.13-6.el5.s390x.rpm
tcl-debuginfo-8.4.13-6.el5.s390.rpm
tcl-debuginfo-8.4.13-6.el5.s390x.rpm
tcl-devel-8.4.13-6.el5.s390.rpm
tcl-devel-8.4.13-6.el5.s390x.rpm
tcl-html-8.4.13-6.el5.s390x.rpm

x86_64:
tcl-8.4.13-6.el5.i386.rpm
tcl-8.4.13-6.el5.x86_64.rpm
tcl-debuginfo-8.4.13-6.el5.i386.rpm
tcl-debuginfo-8.4.13-6.el5.x86_64.rpm
tcl-devel-8.4.13-6.el5.i386.rpm
tcl-devel-8.4.13-6.el5.x86_64.rpm
tcl-html-8.4.13-6.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
tcl-8.4.13-6.el5.src.rpm

IA-32:
tcl-8.4.13-6.el5.i386.rpm
tcl-debuginfo-8.4.13-6.el5.i386.rpm
tcl-html-8.4.13-6.el5.i386.rpm

x86_64:
tcl-8.4.13-6.el5.i386.rpm
tcl-8.4.13-6.el5.x86_64.rpm
tcl-debuginfo-8.4.13-6.el5.i386.rpm
tcl-debuginfo-8.4.13-6.el5.x86_64.rpm
tcl-html-8.4.13-6.el5.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)
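
To find hosts that still need this update, installed builds can be compared against tcl-8.4.13-6.el5 using RPM's segment-wise version ordering rather than a plain string comparison. The following is an added example, not part of the Red Hat advisory: the host names and inventory lines are constructed, the function names are hypothetical, and epoch 0 is assumed.

```python
import re

# Fixed build named in this advisory; epoch 0 is assumed (the file names show none).
FIXED_VERSION, FIXED_RELEASE = "8.4.13", "6.el5"
ADVISORY_PACKAGES = {"tcl", "tcl-devel", "tcl-html", "tcl-debuginfo"}
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM does (no ~ or ^ support)."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare, so 10 > 6
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def parse_nvra(nvra):  # splits name-version-release.arch
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def needs_update(nvra):
    """True if the package is covered by the advisory and older than the fixed build."""
    name, version, release, _ = parse_nvra(nvra)
    if name not in ADVISORY_PACKAGES:
        return False
    order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return order < 0

# Constructed sample: "host package" pairs, e.g. collected with
# rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
SAMPLE_INVENTORY = """\
web01 tcl-8.4.13-4.el5.x86_64
web01 tcl-devel-8.4.13-4.el5.x86_64
db02 tcl-8.4.13-6.el5.i386
build03 tcl-8.4.13-10.el5.x86_64
app04 tclx-8.4.0-5.fc6.x86_64
"""

def outdated(inventory):
    """Return (host, package) pairs that predate the fixed build."""
    pairs = (line.split() for line in inventory.splitlines())
    return [(host, nvra) for host, nvra in pairs if needs_update(nvra)]

if __name__ == "__main__":
    for host, nvra in outdated(SAMPLE_INVENTORY):
        print(f"{host}: {nvra} predates tcl-{FIXED_VERSION}-{FIXED_RELEASE}")
```

The build03 line shows why the comparison is done per segment: release 10.el5 sorts before 6.el5 as a string but is the newer build.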

Bugs fixed (see Bugzilla for more information)

316511 - CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code
400931 - CVE-2007-6067 postgresql: temporary DoS caused by slow regex NFA cleanup
478961 - [RHEL5] tcl threads support implementation can cause scripts to hang


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/