Detections
Analytics
Scientific Linux Security Update : tcl on SL5.x i386/x86_64 (20130108)
medium Nessus Plugin ID 63605
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067)This update also fixes the following bug :
- Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 63605
File Name: sl_20130108_tcl_on_SL5_x.nasl
Version: 1.7
Type: local
Agent: unix
Published: 1/17/2013
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:tcl, p-cpe:/a:fermilab:scientific_linux:tcl-debuginfo, p-cpe:/a:fermilab:scientific_linux:tcl-devel, p-cpe:/a:fermilab:scientific_linux:tcl-html, x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 1/8/2013
Vulnerability Publication Date: 1/9/2008
Reference Information
CVE: CVE-2007-4772, CVE-2007-6067