Lumension® Endpoint Intelligence Center


Overview

Id RHSA-2013:0122-01
Name Red Hat 2013:0122-01 RHSA Moderate: tcl security and bug fix update for RHEL 5 x86
Vendor Name red_hat
Product None
Content Type Critical
Language(s)
Operating System(s) Linux 
Released On 08 Jan 2013 12:00:00

Url

https://rhn.redhat.com/errata/RHSA-2013-0122.html

Description

LSAC(v2)
Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications.

Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially-crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067)

This update also fixes the following bug:

* Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command. (BZ#478961)

All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Related Resources

Related Vulnerabilities

CVE-2007-4772, CVE-2007-6067

Related Patches

None

Superseded Patches

None


Last Updated: 27 May 2016 11:16:11