CentOS Errata and Security Advisory CESA-2013:0122
Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications.
Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067)
This update also fixes the following bug:
All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2013-January/019168.html
http://lists.centos.org/pipermail/centos-cr-announce/2013-January/000450.html
Affected packages: tcl, tcl-devel, tcl-html
Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-0122.html