Synopsis:          Moderate: tcl security and bug fix update
Issue Date:        2013-01-08
CVE Numbers:       CVE-2007-4772
                    CVE-2007-6067
--

Two denial of service flaws were found in the Tcl regular expression 
handling
engine. If Tcl or an application using Tcl processed a specially-crafted
regular expression, it would lead to excessive CPU and memory consumption.
(CVE-2007-4772, CVE-2007-6067)

This update also fixes the following bug:

* Due to a suboptimal implementation of threading in the current version 
of the
Tcl language interpreter, an attempt to use threads in combination with 
fork in
a Tcl script could cause the script to stop responding. At the moment, it is
not possible to rewrite the source code or drop support for threading 
entirely.
Consequent to this, this update provides a version of Tcl without threading
support in addition to the standard version with this support. Users who 
need
to use fork in their Tcl scripts and do not require threading can now 
switch to
the version without threading support by using the alternatives command.
--

SL5
   x86_64
     tcl-8.4.13-6.el5.i386.rpm
     tcl-8.4.13-6.el5.x86_64.rpm
     tcl-debuginfo-8.4.13-6.el5.i386.rpm
     tcl-debuginfo-8.4.13-6.el5.x86_64.rpm
     tcl-html-8.4.13-6.el5.x86_64.rpm
     tcl-devel-8.4.13-6.el5.i386.rpm
     tcl-devel-8.4.13-6.el5.x86_64.rpm
   i386
     tcl-8.4.13-6.el5.i386.rpm
     tcl-debuginfo-8.4.13-6.el5.i386.rpm
     tcl-html-8.4.13-6.el5.i386.rpm
     tcl-devel-8.4.13-6.el5.i386.rpm

- Scientific Linux Development Team