-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:059 http://www.mandriva.com/security/ _______________________________________________________________________ Package : tcl Date : March 5, 2008 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A flaw in the Tcl regular expression handling engine was originally discovered by Will Drewry in the PostgreSQL database server's Tcl regular expression engine. This flaw can result in an infinite loop when processing certain regular expressions. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: bde7e57d9dc7d568c0390ba3db4b5a3c 2007.0/i586/libtcl8.4-8.4.13-1.1mdv2007.0.i586.rpm d5a61fcda52e37a15c19e7d5c068656e 2007.0/i586/libtcl8.4-devel-8.4.13-1.1mdv2007.0.i586.rpm b243426d0d7f8d0a10ba70651feaef03 2007.0/i586/tcl-8.4.13-1.1mdv2007.0.i586.rpm 4f287e93256eaf7c84a0448ef2008020 2007.0/SRPMS/tcl-8.4.13-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: fa6beda37d3eaf2200e3b30af08751e9 2007.0/x86_64/lib64tcl8.4-8.4.13-1.1mdv2007.0.x86_64.rpm 46aa8b711feb915543ae2191da82bd01 2007.0/x86_64/lib64tcl8.4-devel-8.4.13-1.1mdv2007.0.x86_64.rpm 105fc5f39986cc6db6b4adb068baf425 2007.0/x86_64/tcl-8.4.13-1.1mdv2007.0.x86_64.rpm 4f287e93256eaf7c84a0448ef2008020 2007.0/SRPMS/tcl-8.4.13-1.1mdv2007.0.src.rpm Mandriva Linux 2007.1: 5d5648b2bb457b157e1c30329f9891c7 2007.1/i586/libtcl8.4-8.4.14-1.1mdv2007.1.i586.rpm a98f64c60b59d32e54baf01275c85cbf 2007.1/i586/libtcl8.4-devel-8.4.14-1.1mdv2007.1.i586.rpm 62b8899728974799108afe5a5c39b34a 2007.1/i586/tcl-8.4.14-1.1mdv2007.1.i586.rpm 569e9de9c684040893255a5800b49037 2007.1/SRPMS/tcl-8.4.14-1.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 817d49b898cc17e360141894c922e6cd 2007.1/x86_64/lib64tcl8.4-8.4.14-1.1mdv2007.1.x86_64.rpm 4b277a29b3c41b37010e7c10f9644f7f 2007.1/x86_64/lib64tcl8.4-devel-8.4.14-1.1mdv2007.1.x86_64.rpm 70bbb7e664ec0fd8636faf6734e205a3 2007.1/x86_64/tcl-8.4.14-1.1mdv2007.1.x86_64.rpm 569e9de9c684040893255a5800b49037 2007.1/SRPMS/tcl-8.4.14-1.1mdv2007.1.src.rpm Mandriva Linux 2008.0: b474df935ae9405261886dc3983876e7 2008.0/i586/libtcl-devel-8.5a6-4.1mdv2008.0.i586.rpm 6e675eb728a9e61b139b1084fd451298 2008.0/i586/libtcl8.5-8.5a6-4.1mdv2008.0.i586.rpm 50111e483a4d70a7522038532f583e7d 2008.0/i586/tcl-8.5a6-4.1mdv2008.0.i586.rpm 42741c6d8cd19fb3907ceb97d934a6f6 2008.0/SRPMS/tcl-8.5a6-4.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 72982af24a4ed7c44ec46f8f4b593dee 2008.0/x86_64/lib64tcl-devel-8.5a6-4.1mdv2008.0.x86_64.rpm 3acb0a9ebc9aab51b6ff23d316721518 2008.0/x86_64/lib64tcl8.5-8.5a6-4.1mdv2008.0.x86_64.rpm 35a0827df193416c3ea6400309b4ae30 2008.0/x86_64/tcl-8.5a6-4.1mdv2008.0.x86_64.rpm 42741c6d8cd19fb3907ceb97d934a6f6 2008.0/SRPMS/tcl-8.5a6-4.1mdv2008.0.src.rpm Corporate 3.0: 45c8fbd95bebbad1b23f8bb2b15abe31 corporate/3.0/i586/expect-8.4.5-3.3.C30mdk.i586.rpm a45706ad62f18aa9a9ee532ece27349f corporate/3.0/i586/itcl-8.4.5-3.3.C30mdk.i586.rpm f448c6df20f64d967bf51cfc89139c61 corporate/3.0/i586/tcl-8.4.5-3.3.C30mdk.i586.rpm 508f120b23e7de9f91e68b6416360c57 corporate/3.0/i586/tcllib-8.4.5-3.3.C30mdk.i586.rpm 78a9d355932b0584734f927bf0bd21cb corporate/3.0/i586/tclx-8.4.5-3.3.C30mdk.i586.rpm dc15072dc76732f54e7effc67aa506e9 corporate/3.0/i586/tix-8.4.5-3.3.C30mdk.i586.rpm 1ad401d437998a447f8767eac0ed3f64 corporate/3.0/i586/tk-8.4.5-3.3.C30mdk.i586.rpm aca59d9916edfbf607b42a089c4e51f5 corporate/3.0/SRPMS/tcltk-8.4.5-3.3.C30mdk.src.rpm Corporate 3.0/X86_64: ab9dcf95b516f63779a48fa5da217e2c corporate/3.0/x86_64/expect-8.4.5-3.3.C30mdk.x86_64.rpm ccf0b17e73baed1a5597698501d4e16c corporate/3.0/x86_64/itcl-8.4.5-3.3.C30mdk.x86_64.rpm 7004fe82ceadb690a1c537dfffa8a602 corporate/3.0/x86_64/tcl-8.4.5-3.3.C30mdk.x86_64.rpm 8082288dd36eefe4f59f288636d86f52 corporate/3.0/x86_64/tcllib-8.4.5-3.3.C30mdk.x86_64.rpm 0d535ba37b8521ba2aed9ef62597b91f corporate/3.0/x86_64/tclx-8.4.5-3.3.C30mdk.x86_64.rpm 8eb5591457bdac01a6ebd5946bedbae2 corporate/3.0/x86_64/tix-8.4.5-3.3.C30mdk.x86_64.rpm 73d05959408f8daba243008033d1214c corporate/3.0/x86_64/tk-8.4.5-3.3.C30mdk.x86_64.rpm aca59d9916edfbf607b42a089c4e51f5 corporate/3.0/SRPMS/tcltk-8.4.5-3.3.C30mdk.src.rpm Corporate 4.0: 5a24c2fa2c3ef75bf5a6a9c8e8d9fde4 corporate/4.0/i586/expect-8.4.11-1.3.20060mlcs4.i586.rpm 2f76f932af5019692972d3fe8cbe942b corporate/4.0/i586/itcl-8.4.11-1.3.20060mlcs4.i586.rpm 059e9d9563b405543ccec50b92fa49e3 corporate/4.0/i586/iwidgets-8.4.11-1.3.20060mlcs4.i586.rpm 014aeb9e3dc0e3899fa4b5b5d8c7c704 corporate/4.0/i586/libtcl8.4-8.4.11-1.3.20060mlcs4.i586.rpm b35a6907bd77090e61fec7d65bbcf80a corporate/4.0/i586/libtk8.4-8.4.11-1.3.20060mlcs4.i586.rpm 01ca6961c52b0f1739a6aba00be421ea corporate/4.0/i586/tcl-8.4.11-1.3.20060mlcs4.i586.rpm db164a6464887403276021736452643c corporate/4.0/i586/tcllib-8.4.11-1.3.20060mlcs4.i586.rpm cf1c172d676d667dcd6c3b78e116fb2a corporate/4.0/i586/tclx-8.4.11-1.3.20060mlcs4.i586.rpm 80688ec696067190d438844dd1c1ebd4 corporate/4.0/i586/tix-8.4.11-1.3.20060mlcs4.i586.rpm 03dd827528301f02038d3696c36f1f86 corporate/4.0/i586/tk-8.4.11-1.3.20060mlcs4.i586.rpm 07140ab293a0f8bbd2e85bd89b489fd5 corporate/4.0/SRPMS/tcltk-8.4.11-1.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 232612b1f9135e5234bff7df706ab1df corporate/4.0/x86_64/expect-8.4.11-1.3.20060mlcs4.x86_64.rpm 078c7030c223c97d6ab8541452b63753 corporate/4.0/x86_64/itcl-8.4.11-1.3.20060mlcs4.x86_64.rpm 3ba3e8b7c99c760bc3a08a03132291e3 corporate/4.0/x86_64/iwidgets-8.4.11-1.3.20060mlcs4.x86_64.rpm bb86132cbefd68b96aa124ecb89f672c corporate/4.0/x86_64/lib64tcl8.4-8.4.11-1.3.20060mlcs4.x86_64.rpm 868ea1ba1a40899c20e7ccfb49683dfd corporate/4.0/x86_64/lib64tk8.4-8.4.11-1.3.20060mlcs4.x86_64.rpm e508a95776eb6df6173a696f4db57871 corporate/4.0/x86_64/tcl-8.4.11-1.3.20060mlcs4.x86_64.rpm 97a832f2d7ca0fe9a9784d2ed9800533 corporate/4.0/x86_64/tcllib-8.4.11-1.3.20060mlcs4.x86_64.rpm 1829edd678990445ddf160f1ba7953d3 corporate/4.0/x86_64/tclx-8.4.11-1.3.20060mlcs4.x86_64.rpm 16851058602125ff6b2a34ca0732ffb9 corporate/4.0/x86_64/tix-8.4.11-1.3.20060mlcs4.x86_64.rpm 094fb75804cd0458f073c41561f3b0e7 corporate/4.0/x86_64/tk-8.4.11-1.3.20060mlcs4.x86_64.rpm 07140ab293a0f8bbd2e85bd89b489fd5 corporate/4.0/SRPMS/tcltk-8.4.11-1.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHzu0hmqjQ0CJFipgRAu/NAJ9HlV2actdS3759zWv52I2E0WXfmACfZ2qG ECG/JHPiF9WC6uUiU76BKpw= =g0B/ -----END PGP SIGNATURE-----