-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2002-55 http://www/turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Tcl/tk Vulnerability of tcl/tk Release date : 2002-08-21 Solution: package : expect-5.32-11 itcl-3.2-11 tcl-8.3.3-11 tclx-8.3-11 tix-8.1.1-11 tk-8.3.3-11 Problem Appropriate library searching in the Tcl/Tk processing. There is a possibility the optional cord/code being executed by unauthorized local user. Solution: Please verify version and execute the command below. # rpm -qa | grep package name When problem corresponds, please download the update package. Do the update by the using the command below. Furthermore, please execute the package number which corresponds to your version number. Without starting a new paragraph, please enter the "\ " Bunchu sign. Execution example --------------------------------------------------------------------- # rpm -Fvh Package-1.0.0-1.i586.rpm \ Package-doc-1.0.0-1.i586.rpm \ Package-devel-1.0.0-1.i586.rpm The case where rpm command is executed, please enter as follows on the command line. # rpm -Fvh package-1.0.0-1.i586.rpm package-doc-1.0.0-1.i586.rpm package-devel-1.0.0-1.i586.rpm --------------------------------------------------------------------- < Turbolinux 8 Workstation > < Turbolinux 7 Server > < Turbolinux 7 Workstation > # rpm -Fvh expect-5.32-11.i586.rpm \ itcl-3.2-11.i586.rpm \ tcl-8.3.3-11.i586.rpm \ tclx-8.3-11.i586.rpm \ tix-8.1.1-11.i586.rpm \ tk-8.3.3-11.i586.rpm < Turbolinux Server 6.5 > < Turbolinux Workstation 6.0 > # rpm -Fvh expect-5.32-11.i386.rpm \ itcl-3.2-11.i386.rpm \ tcl-8.3.3-11.i386.rpm \ tclx-8.3-11.i386.rpm \ tix-8.1.1-11.i386.rpm \ tk-8.3.3-11.i386.rpm < Turbolinux Advanced Server 6 > < Turbolinux Server 6.1 > # rpm -Fvh expect-5.32-11.i386.rpm \ tcl-8.3.3-11.i386.rpm \ tclx-8.3-11.i386.rpm \ tix-8.1.1-11.i386.rpm \ tk-8.3.3-11.i386.rpm Package updates: http://www.turbolinux.co.jp/update/