Linux Compatible
  • News
    • Channels
    • Archive
    • Search
    • Submit
  • Articles
    • Categories
  • Knowledgebase
  • Compatibility
    • Search
  • Links
  • Forums
  • Twitter
Advertisement

Latest News
[ Windows | Linux | Apple ]

· GCC-4.9-Backport New Package for Debian 7 LTS
· NVIDIA Geforce Game Ready Driver 397.31 released
· Samsung 970 SSDs Reviews and more
· Windows Server 2019 Insider Preview Build 17650 released
· iOS 11.3.1 and macOS 10.13.4 released
· Shotwell 0.29.1 released
· PackageKit Update for Ubuntu 17.10
· Psensor and Lucene-Solr Updates for Debian 7 LTS
· Librelp and PackageKit Updates for Oracle Linux
· Linux-tools Update for Debian 8

Upcoming News
· Samsung 860 Pro SSD Review @ Vortez
· Raijintek Orcus 240 @ TechPowerUp
· Team Group Cardea Zero 240 GB @ TechPowerUp
· Guru3D Rig of the Month - January 2018
· Cooler Master MK750 Review @ Vortez
· Seagate Skyhawk 10TB SATA III HDD Review
· Vulkan Continues To Show Its Gaming Strength On Low-End Hardware
· Seagate IronWolf ST12000VN0007 12TB Hard Drive Review @ APH Networks
· Sennheiser Game One @ TechPowerUp
· be quiet! Straight Power 11 1000W Power Supply Review

Linux Compatibility
· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics
· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 1220 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 2402 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 4284 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 2888 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 4806 views

News Channels
· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New
Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Linux Compatible » News » February 2008 » RHSA-2008:0134-01 Moderate: tcltk security update

RHSA-2008:0134-01 Moderate: tcltk security update

Posted by Bob on: 02/21/2008 10:45 PM [ Print | 0 comment(s) ]

A new update is available for Red Hat Enterprise Linux. Here the announcement:




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: tcltk security update
Advisory ID: RHSA-2008:0134-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0134.html
Issue date: 2008-02-21
CVE Names: CVE-2008-0553 CVE-2007-5378 CVE-2007-4772
=====================================================================

1. Summary:

Updated tcltk packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, and 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

Tcl is a scripting language designed for embedding into other applications
and for use with Tk, a widget set.

An input validation flaw was discovered in Tk's GIF image handling. A
code-size value read from a GIF image was not properly validated before
being used, leading to a buffer overflow. A specially crafted GIF file
could use this to cause a crash or, potentially, execute code with the
privileges of the application using the Tk graphical toolkit.
(CVE-2008-0553)

A buffer overflow flaw was discovered in Tk's animated GIF image handling.
An animated GIF containing an initial image smaller than subsequent images
could cause a crash or, potentially, execute code with the privileges of
the application using the Tk library. (CVE-2007-5378)

A flaw in the Tcl regular expression handling engine was discovered by Will
Drewry. This flaw, first discovered in the Tcl regular expression engine
used in the PostgreSQL database server, resulted in an infinite loop when
processing certain regular expressions. (CVE-2007-4772)

All users are advised to upgrade to these updated packages which contain
backported patches which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

316511 - CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code
332021 - CVE-2007-5378 Tk GIF processing buffer overflow
431518 - CVE-2008-0553 tk: GIF handling buffer overflow

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tcltk-8.3.3-75.src.rpm

i386:
expect-5.38.0-75.i386.rpm
itcl-3.2-75.i386.rpm
tcl-8.3.3-75.i386.rpm
tcllib-1.0-75.i386.rpm
tclx-8.3-75.i386.rpm
tix-8.2.0b1-75.i386.rpm
tk-8.3.3-75.i386.rpm

ia64:
expect-5.38.0-75.ia64.rpm
itcl-3.2-75.ia64.rpm
tcl-8.3.3-75.ia64.rpm
tcllib-1.0-75.ia64.rpm
tclx-8.3-75.ia64.rpm
tix-8.2.0b1-75.ia64.rpm
tk-8.3.3-75.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/tcltk-8.3.3-75.src.rpm

ia64:
expect-5.38.0-75.ia64.rpm
itcl-3.2-75.ia64.rpm
tcl-8.3.3-75.ia64.rpm
tcllib-1.0-75.ia64.rpm
tclx-8.3-75.ia64.rpm
tix-8.2.0b1-75.ia64.rpm
tk-8.3.3-75.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tcltk-8.3.3-75.src.rpm

i386:
expect-5.38.0-75.i386.rpm
itcl-3.2-75.i386.rpm
tcl-8.3.3-75.i386.rpm
tcllib-1.0-75.i386.rpm
tclx-8.3-75.i386.rpm
tix-8.2.0b1-75.i386.rpm
tk-8.3.3-75.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/tcltk-8.3.3-75.src.rpm

i386:
expect-5.38.0-75.i386.rpm
itcl-3.2-75.i386.rpm
tcl-8.3.3-75.i386.rpm
tcllib-1.0-75.i386.rpm
tclx-8.3-75.i386.rpm
tix-8.2.0b1-75.i386.rpm
tk-8.3.3-75.i386.rpm

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tcltk-8.3.5-92.8.src.rpm

i386:
expect-5.38.0-92.8.i386.rpm
expect-devel-5.38.0-92.8.i386.rpm
itcl-3.2-92.8.i386.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-devel-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tclx-8.3-92.8.i386.rpm
tix-8.1.4-92.8.i386.rpm
tk-8.3.5-92.8.i386.rpm
tk-devel-8.3.5-92.8.i386.rpm

ia64:
expect-5.38.0-92.8.ia64.rpm
expect-devel-5.38.0-92.8.ia64.rpm
itcl-3.2-92.8.ia64.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-8.3.5-92.8.ia64.rpm
tcl-devel-8.3.5-92.8.ia64.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.ia64.rpm
tclx-8.3-92.8.i386.rpm
tclx-8.3-92.8.ia64.rpm
tix-8.1.4-92.8.ia64.rpm
tk-8.3.5-92.8.i386.rpm
tk-8.3.5-92.8.ia64.rpm
tk-devel-8.3.5-92.8.ia64.rpm

ppc:
expect-5.38.0-92.8.ppc.rpm
expect-devel-5.38.0-92.8.ppc.rpm
itcl-3.2-92.8.ppc.rpm
tcl-8.3.5-92.8.ppc.rpm
tcl-8.3.5-92.8.ppc64.rpm
tcl-devel-8.3.5-92.8.ppc.rpm
tcltk-debuginfo-8.3.5-92.8.ppc.rpm
tcltk-debuginfo-8.3.5-92.8.ppc64.rpm
tclx-8.3-92.8.ppc.rpm
tclx-8.3-92.8.ppc64.rpm
tix-8.1.4-92.8.ppc.rpm
tk-8.3.5-92.8.ppc.rpm
tk-8.3.5-92.8.ppc64.rpm
tk-devel-8.3.5-92.8.ppc.rpm

s390:
expect-5.38.0-92.8.s390.rpm
expect-devel-5.38.0-92.8.s390.rpm
itcl-3.2-92.8.s390.rpm
tcl-8.3.5-92.8.s390.rpm
tcl-devel-8.3.5-92.8.s390.rpm
tcltk-debuginfo-8.3.5-92.8.s390.rpm
tclx-8.3-92.8.s390.rpm
tix-8.1.4-92.8.s390.rpm
tk-8.3.5-92.8.s390.rpm
tk-devel-8.3.5-92.8.s390.rpm

s390x:
expect-5.38.0-92.8.s390x.rpm
expect-devel-5.38.0-92.8.s390x.rpm
itcl-3.2-92.8.s390x.rpm
tcl-8.3.5-92.8.s390.rpm
tcl-8.3.5-92.8.s390x.rpm
tcl-devel-8.3.5-92.8.s390x.rpm
tcltk-debuginfo-8.3.5-92.8.s390.rpm
tcltk-debuginfo-8.3.5-92.8.s390x.rpm
tclx-8.3-92.8.s390.rpm
tclx-8.3-92.8.s390x.rpm
tix-8.1.4-92.8.s390x.rpm
tk-8.3.5-92.8.s390.rpm
tk-8.3.5-92.8.s390x.rpm
tk-devel-8.3.5-92.8.s390x.rpm

x86_64:
expect-5.38.0-92.8.x86_64.rpm
expect-devel-5.38.0-92.8.x86_64.rpm
itcl-3.2-92.8.x86_64.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-8.3.5-92.8.x86_64.rpm
tcl-devel-8.3.5-92.8.x86_64.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.x86_64.rpm
tclx-8.3-92.8.i386.rpm
tclx-8.3-92.8.x86_64.rpm
tix-8.1.4-92.8.x86_64.rpm
tk-8.3.5-92.8.i386.rpm
tk-8.3.5-92.8.x86_64.rpm
tk-devel-8.3.5-92.8.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tcltk-8.3.5-92.8.src.rpm

i386:
expect-5.38.0-92.8.i386.rpm
expect-devel-5.38.0-92.8.i386.rpm
itcl-3.2-92.8.i386.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-devel-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tclx-8.3-92.8.i386.rpm
tix-8.1.4-92.8.i386.rpm
tk-8.3.5-92.8.i386.rpm
tk-devel-8.3.5-92.8.i386.rpm

x86_64:
expect-5.38.0-92.8.x86_64.rpm
expect-devel-5.38.0-92.8.x86_64.rpm
itcl-3.2-92.8.x86_64.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-8.3.5-92.8.x86_64.rpm
tcl-devel-8.3.5-92.8.x86_64.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.x86_64.rpm
tclx-8.3-92.8.i386.rpm
tclx-8.3-92.8.x86_64.rpm
tix-8.1.4-92.8.x86_64.rpm
tk-8.3.5-92.8.i386.rpm
tk-8.3.5-92.8.x86_64.rpm
tk-devel-8.3.5-92.8.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tcltk-8.3.5-92.8.src.rpm

i386:
expect-5.38.0-92.8.i386.rpm
expect-devel-5.38.0-92.8.i386.rpm
itcl-3.2-92.8.i386.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-devel-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tclx-8.3-92.8.i386.rpm
tix-8.1.4-92.8.i386.rpm
tk-8.3.5-92.8.i386.rpm
tk-devel-8.3.5-92.8.i386.rpm

ia64:
expect-5.38.0-92.8.ia64.rpm
expect-devel-5.38.0-92.8.ia64.rpm
itcl-3.2-92.8.ia64.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-8.3.5-92.8.ia64.rpm
tcl-devel-8.3.5-92.8.ia64.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.ia64.rpm
tclx-8.3-92.8.i386.rpm
tclx-8.3-92.8.ia64.rpm
tix-8.1.4-92.8.ia64.rpm
tk-8.3.5-92.8.i386.rpm
tk-8.3.5-92.8.ia64.rpm
tk-devel-8.3.5-92.8.ia64.rpm

x86_64:
expect-5.38.0-92.8.x86_64.rpm
expect-devel-5.38.0-92.8.x86_64.rpm
itcl-3.2-92.8.x86_64.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-8.3.5-92.8.x86_64.rpm
tcl-devel-8.3.5-92.8.x86_64.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.x86_64.rpm
tclx-8.3-92.8.i386.rpm
tclx-8.3-92.8.x86_64.rpm
tix-8.1.4-92.8.x86_64.rpm
tk-8.3.5-92.8.i386.rpm
tk-8.3.5-92.8.x86_64.rpm
tk-devel-8.3.5-92.8.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tcltk-8.3.5-92.8.src.rpm

i386:
expect-5.38.0-92.8.i386.rpm
expect-devel-5.38.0-92.8.i386.rpm
itcl-3.2-92.8.i386.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-devel-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tclx-8.3-92.8.i386.rpm
tix-8.1.4-92.8.i386.rpm
tk-8.3.5-92.8.i386.rpm
tk-devel-8.3.5-92.8.i386.rpm

ia64:
expect-5.38.0-92.8.ia64.rpm
expect-devel-5.38.0-92.8.ia64.rpm
itcl-3.2-92.8.ia64.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-8.3.5-92.8.ia64.rpm
tcl-devel-8.3.5-92.8.ia64.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.ia64.rpm
tclx-8.3-92.8.i386.rpm
tclx-8.3-92.8.ia64.rpm
tix-8.1.4-92.8.ia64.rpm
tk-8.3.5-92.8.i386.rpm
tk-8.3.5-92.8.ia64.rpm
tk-devel-8.3.5-92.8.ia64.rpm

x86_64:
expect-5.38.0-92.8.x86_64.rpm
expect-devel-5.38.0-92.8.x86_64.rpm
itcl-3.2-92.8.x86_64.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-8.3.5-92.8.x86_64.rpm
tcl-devel-8.3.5-92.8.x86_64.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.x86_64.rpm
tclx-8.3-92.8.i386.rpm
tclx-8.3-92.8.x86_64.rpm
tix-8.1.4-92.8.x86_64.rpm
tk-8.3.5-92.8.i386.rpm
tk-8.3.5-92.8.x86_64.rpm
tk-devel-8.3.5-92.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHveqJXlSAg2UNWIIRAuZNAJ9rwJhE+mNOpHRvlsN2IxtAcjLWuACgo6qj
ryPjT1L0s/ng8+12m/viQBE=
=iyZR
-----END PGP SIGNATURE-----


Bookmark and Share

« RHSA-2008:0135-01 Moderate: tk security update · RHSA-2008:0110-01 Moderate: openldap security update »

Linux Compatible » News » February 2008 » RHSA-2008:0134-01 Moderate: tcltk security update
All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition