suse-fu-2022:0868-1
Vulnerability from csaf_suse
Published
2022-03-16 06:16
Modified
2022-03-16 06:16
Summary
Feature update for tcl and tk
Notes
Title of the patch
Feature update for tcl and tk
Description of the patch
This feature update for tcl and tk fixes the following issues:
Update tcl and tk to version 8.6.12 (jsc#SLE-21016, jsc#SLE-23284):
- Move tcl.macros to /usr/lib/rpm/macros.d (bsc#1185662)
- Use FAT LTO objects in order to provide proper static library (bsc#1138797)
- Fix a bug in itcl that was affecting iwidgets (bsc#903017)
- Add [combobox current] support 'end' index
- Add fixes in [text] bindings
- Add missing 'deferred clear code' support to GIF photo images
- Add new virtual event <<TkWorldChanged>>
- Add new keycodes: CodeInput, SingleCandidate, MultipleCandidate, PreviousCandidate
- Add new support for POSIX error: EILSEQ
- Add new command [tcl::unsupported::corotype]
- Add new command [tcl::unsupported::timerate] for performance testing
- Add new option -state to [ttk::scale]
- Add portable keycodes: OE, oe, Ydiaeresis
- Add support for backrefs in [array names -regexp]
- Add support for Unicode 14
- Disfavor Master/Slave terminology
- Enhance [oo::object] to acquire or lose a class identity dynamically
- Fix canvas rotated text overlap detection
- Fix canvas closed polylines yo fully honor -joinstyle
- Fix display of Long non-wrapped lines in text
- Fix display treeview focus ring when -selectmode none
- Fix focus events not to break entry validation
- Fix [package prefer stable] failing case
- Fix auto_path initialization by Safe Base interps
- Fix bad interaction between grab and mouse pointer warp
- Fix borderwidth calculations on menu items
- Fix cascade tearoff menu redraw artifacts
- Fix coords rounding when drawing canvas items
- Fix corrupt result from [$c postscript] with -file or -channel
- Fix errno management in socket full close
- Fix failure when a [proc] argument name is computed, not literal
- Fix focus on unmapped windows
- Fix handling of duplicates in spinbox -values list
- Fix incomplete read of multi-image GIF
- Fix initialization order of static package in wish
- Fix issue when trying to display angled text without Xft
- Fix issue with font initialization when no font is installed
- Fix problems with Noto Color Emoji font
- Fix race conditions in [file delete] and [file mkdir]
- Fix Std channel initialization for multi-thread operations
- Fix tearoff menu redraw artifacts
- Fix up arrow key in [text] to correctly move cursor to index 1.0
- Fix various cursor issues
- Fix various encoding issues
- Fix various fontchooser issues
- Fix various issues causing crashes and hang in
- Fix various memory issues
- Fix various scrolling bugs and add improvements
- Fix 32/64-bit confusion of FS DIR operations reported for AIX
- Improve appearance of text selection in [*entry] widgets
- Improve checkbutton handling of -selectcolor
- Improve handling of resolution changes
- Improve multi-thread safety when Xft is in use
- Improve ttk high-contrast-mode support
- Improve emoji support
- Improve legacy support for [tk_setPalette]
- Make combobox -postoffset option work with default style
- Make spinbox use proper names in query of option database
- Menu flaws when empty menubar clicked
- New index argument in [$menubutton post x y index]
- Preserve canvas tag list order during add/delete
- Prevent cross-manager loops of geom management
- Rewrite of zlib inflation for multi-stream and completeness
- Run fileevents in proper thread after [thread::attach $channel]
- Stop [unload] corruption of list of loaded packages
- Stop app switching exposing withdrawn windows as zombies
- Tk now denied access to PRIMARY selection from safe interps
- TkpDrawAngledCharsInContext leaked a CGColor
- Try to restore Tcl's [update] command when Tk is unloaded
- Changed [info * methods] to include mixins
- [package require] is now NR-enabled
The following fixes might show some potential incompatibilities with existing software:
- Revised [binary (en|de)code base64] for RFC compliance and roundtrip
- Tcl_DStringAppendElement # quoting precision, dstring-2.13, dstring-3.10
- Extended [clock scan] ISO format and time zone support
- Allow for select/copy from disabled text widget on all platforms
- Revised case of [info loaded] module names
- [info hostname] reports DNS name, not NetBIOS name
- Force -eofchar \032 when evaluating library scripts
- Revised error messages: 'too few' => 'not enough'
- Performed rewrite of Tk event loop to prevent ring overflow
- Refactored all MouseWheel bindings
- Revised precision of ::scale widget tick mark values
- Prevent transient window cycles (crashed on Aqua)
- Builds no longer use -lieee
- Quoting of command line arguments by [exec] on Windows revised. Prior
quoting rules left holes where some values would not pass through, but
could trigger substitutions or program execution. See
https://core.tcl-lang.org/tcl/info/21b0629c81
- [lreplace] accepts all out-of-range index values
Patchnames
SUSE-2022-868,SUSE-SLE-Module-Basesystem-15-SP3-2022-868,SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-868
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Feature update for tcl and tk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This feature update for tcl and tk fixes the following issues:\n\nUpdate tcl and tk to version 8.6.12 (jsc#SLE-21016, jsc#SLE-23284):\n\n- Move tcl.macros to /usr/lib/rpm/macros.d (bsc#1185662) \n- Use FAT LTO objects in order to provide proper static library (bsc#1138797)\n- Fix a bug in itcl that was affecting iwidgets (bsc#903017)\n- Add [combobox current] support \u0027end\u0027 index\n- Add fixes in [text] bindings\n- Add missing \u0027deferred clear code\u0027 support to GIF photo images\n- Add new virtual event \u003c\u003cTkWorldChanged\u003e\u003e \n- Add new keycodes: CodeInput, SingleCandidate, MultipleCandidate, PreviousCandidate\n- Add new support for POSIX error: EILSEQ\n- Add new command [tcl::unsupported::corotype]\n- Add new command [tcl::unsupported::timerate] for performance testing\n- Add new option -state to [ttk::scale]\n- Add portable keycodes: OE, oe, Ydiaeresis\n- Add support for backrefs in [array names -regexp]\n- Add support for Unicode 14\n- Disfavor Master/Slave terminology\n- Enhance [oo::object] to acquire or lose a class identity dynamically\n- Fix canvas rotated text overlap detection\n- Fix canvas closed polylines yo fully honor -joinstyle\n- Fix display of Long non-wrapped lines in text\n- Fix display treeview focus ring when -selectmode none\n- Fix focus events not to break entry validation\n- Fix [package prefer stable] failing case\n- Fix auto_path initialization by Safe Base interps\n- Fix bad interaction between grab and mouse pointer warp\n- Fix borderwidth calculations on menu items\n- Fix cascade tearoff menu redraw artifacts\n- Fix coords rounding when drawing canvas items\n- Fix corrupt result from [$c postscript] with -file or -channel\n- Fix errno management in socket full close\n- Fix failure when a [proc] argument name is computed, not literal\n- Fix focus on unmapped windows\n- Fix handling of duplicates in spinbox -values list\n- Fix incomplete read of multi-image GIF\n- Fix initialization order of static package in wish \n- Fix issue when trying to display angled text without Xft\n- Fix issue with font initialization when no font is installed\n- Fix problems with Noto Color Emoji font\n- Fix race conditions in [file delete] and [file mkdir]\n- Fix Std channel initialization for multi-thread operations\n- Fix tearoff menu redraw artifacts\n- Fix up arrow key in [text] to correctly move cursor to index 1.0\n- Fix various cursor issues\n- Fix various encoding issues\n- Fix various fontchooser issues\n- Fix various issues causing crashes and hang in\n- Fix various memory issues\n- Fix various scrolling bugs and add improvements\n- Fix 32/64-bit confusion of FS DIR operations reported for AIX\n- Improve appearance of text selection in [*entry] widgets\n- Improve checkbutton handling of -selectcolor\n- Improve handling of resolution changes\n- Improve multi-thread safety when Xft is in use \n- Improve ttk high-contrast-mode support\n- Improve emoji support\n- Improve legacy support for [tk_setPalette]\n- Make combobox -postoffset option work with default style\n- Make spinbox use proper names in query of option database\n- Menu flaws when empty menubar clicked\n- New index argument in [$menubutton post x y index]\n- Preserve canvas tag list order during add/delete\n- Prevent cross-manager loops of geom management\n- Rewrite of zlib inflation for multi-stream and completeness\n- Run fileevents in proper thread after [thread::attach $channel]\n- Stop [unload] corruption of list of loaded packages\n- Stop app switching exposing withdrawn windows as zombies\n- Tk now denied access to PRIMARY selection from safe interps\n- TkpDrawAngledCharsInContext leaked a CGColor\n- Try to restore Tcl\u0027s [update] command when Tk is unloaded\n- Changed [info * methods] to include mixins\n- [package require] is now NR-enabled\n\nThe following fixes might show some potential incompatibilities with existing software:\n\n- Revised [binary (en|de)code base64] for RFC compliance and roundtrip\n- Tcl_DStringAppendElement # quoting precision, dstring-2.13, dstring-3.10\n- Extended [clock scan] ISO format and time zone support\n- Allow for select/copy from disabled text widget on all platforms\n- Revised case of [info loaded] module names\n- [info hostname] reports DNS name, not NetBIOS name\n- Force -eofchar \\032 when evaluating library scripts\n- Revised error messages: \u0027too few\u0027 =\u003e \u0027not enough\u0027\n- Performed rewrite of Tk event loop to prevent ring overflow\n- Refactored all MouseWheel bindings\n- Revised precision of ::scale widget tick mark values\n- Prevent transient window cycles (crashed on Aqua)\n- Builds no longer use -lieee\n- Quoting of command line arguments by [exec] on Windows revised. Prior\n quoting rules left holes where some values would not pass through, but\n could trigger substitutions or program execution. See\n https://core.tcl-lang.org/tcl/info/21b0629c81 \n- [lreplace] accepts all out-of-range index values\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-868,SUSE-SLE-Module-Basesystem-15-SP3-2022-868,SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-868",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-fu-2022_0868-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-FU-2022:0868-1",
"url": "https://www.suse.com/support/update/announcement//suse-fu-20220868-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-FU-2022:0868-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2022-March/022127.html"
},
{
"category": "self",
"summary": "SUSE Bug 1138797",
"url": "https://bugzilla.suse.com/1138797"
},
{
"category": "self",
"summary": "SUSE Bug 1185662",
"url": "https://bugzilla.suse.com/1185662"
},
{
"category": "self",
"summary": "SUSE Bug 1195257",
"url": "https://bugzilla.suse.com/1195257"
},
{
"category": "self",
"summary": "SUSE Bug 903017",
"url": "https://bugzilla.suse.com/903017"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-35331 page",
"url": "https://www.suse.com/security/cve/CVE-2021-35331/"
}
],
"title": "Feature update for tcl and tk",
"tracking": {
"current_release_date": "2022-03-16T06:16:05Z",
"generator": {
"date": "2022-03-16T06:16:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-FU-2022:0868-1",
"initial_release_date": "2022-03-16T06:16:05Z",
"revision_history": [
{
"date": "2022-03-16T06:16:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tcl-8.6.12-150300.14.3.1.aarch64",
"product": {
"name": "tcl-8.6.12-150300.14.3.1.aarch64",
"product_id": "tcl-8.6.12-150300.14.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "tcl-devel-8.6.12-150300.14.3.1.aarch64",
"product": {
"name": "tcl-devel-8.6.12-150300.14.3.1.aarch64",
"product_id": "tcl-devel-8.6.12-150300.14.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "tk-8.6.12-150300.10.3.1.aarch64",
"product": {
"name": "tk-8.6.12-150300.10.3.1.aarch64",
"product_id": "tk-8.6.12-150300.10.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "tk-devel-8.6.12-150300.10.3.1.aarch64",
"product": {
"name": "tk-devel-8.6.12-150300.10.3.1.aarch64",
"product_id": "tk-devel-8.6.12-150300.10.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tcl-64bit-8.6.12-150300.14.3.1.aarch64_ilp32",
"product": {
"name": "tcl-64bit-8.6.12-150300.14.3.1.aarch64_ilp32",
"product_id": "tcl-64bit-8.6.12-150300.14.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "tk-64bit-8.6.12-150300.10.3.1.aarch64_ilp32",
"product": {
"name": "tk-64bit-8.6.12-150300.10.3.1.aarch64_ilp32",
"product_id": "tk-64bit-8.6.12-150300.10.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "tcl-8.6.12-150300.14.3.1.i586",
"product": {
"name": "tcl-8.6.12-150300.14.3.1.i586",
"product_id": "tcl-8.6.12-150300.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "tcl-devel-8.6.12-150300.14.3.1.i586",
"product": {
"name": "tcl-devel-8.6.12-150300.14.3.1.i586",
"product_id": "tcl-devel-8.6.12-150300.14.3.1.i586"
}
},
{
"category": "product_version",
"name": "tk-8.6.12-150300.10.3.1.i586",
"product": {
"name": "tk-8.6.12-150300.10.3.1.i586",
"product_id": "tk-8.6.12-150300.10.3.1.i586"
}
},
{
"category": "product_version",
"name": "tk-devel-8.6.12-150300.10.3.1.i586",
"product": {
"name": "tk-devel-8.6.12-150300.10.3.1.i586",
"product_id": "tk-devel-8.6.12-150300.10.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "tcl-8.6.12-150300.14.3.1.ppc64le",
"product": {
"name": "tcl-8.6.12-150300.14.3.1.ppc64le",
"product_id": "tcl-8.6.12-150300.14.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tcl-devel-8.6.12-150300.14.3.1.ppc64le",
"product": {
"name": "tcl-devel-8.6.12-150300.14.3.1.ppc64le",
"product_id": "tcl-devel-8.6.12-150300.14.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tk-8.6.12-150300.10.3.1.ppc64le",
"product": {
"name": "tk-8.6.12-150300.10.3.1.ppc64le",
"product_id": "tk-8.6.12-150300.10.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tk-devel-8.6.12-150300.10.3.1.ppc64le",
"product": {
"name": "tk-devel-8.6.12-150300.10.3.1.ppc64le",
"product_id": "tk-devel-8.6.12-150300.10.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tcl-8.6.12-150300.14.3.1.s390x",
"product": {
"name": "tcl-8.6.12-150300.14.3.1.s390x",
"product_id": "tcl-8.6.12-150300.14.3.1.s390x"
}
},
{
"category": "product_version",
"name": "tcl-devel-8.6.12-150300.14.3.1.s390x",
"product": {
"name": "tcl-devel-8.6.12-150300.14.3.1.s390x",
"product_id": "tcl-devel-8.6.12-150300.14.3.1.s390x"
}
},
{
"category": "product_version",
"name": "tk-8.6.12-150300.10.3.1.s390x",
"product": {
"name": "tk-8.6.12-150300.10.3.1.s390x",
"product_id": "tk-8.6.12-150300.10.3.1.s390x"
}
},
{
"category": "product_version",
"name": "tk-devel-8.6.12-150300.10.3.1.s390x",
"product": {
"name": "tk-devel-8.6.12-150300.10.3.1.s390x",
"product_id": "tk-devel-8.6.12-150300.10.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tcl-8.6.12-150300.14.3.1.x86_64",
"product": {
"name": "tcl-8.6.12-150300.14.3.1.x86_64",
"product_id": "tcl-8.6.12-150300.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tcl-32bit-8.6.12-150300.14.3.1.x86_64",
"product": {
"name": "tcl-32bit-8.6.12-150300.14.3.1.x86_64",
"product_id": "tcl-32bit-8.6.12-150300.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tcl-devel-8.6.12-150300.14.3.1.x86_64",
"product": {
"name": "tcl-devel-8.6.12-150300.14.3.1.x86_64",
"product_id": "tcl-devel-8.6.12-150300.14.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tk-8.6.12-150300.10.3.1.x86_64",
"product": {
"name": "tk-8.6.12-150300.10.3.1.x86_64",
"product_id": "tk-8.6.12-150300.10.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tk-32bit-8.6.12-150300.10.3.1.x86_64",
"product": {
"name": "tk-32bit-8.6.12-150300.10.3.1.x86_64",
"product_id": "tk-32bit-8.6.12-150300.10.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "tk-devel-8.6.12-150300.10.3.1.x86_64",
"product": {
"name": "tk-devel-8.6.12-150300.10.3.1.x86_64",
"product_id": "tk-devel-8.6.12-150300.10.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tcl-8.6.12-150300.14.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.aarch64"
},
"product_reference": "tcl-8.6.12-150300.14.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tcl-8.6.12-150300.14.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.ppc64le"
},
"product_reference": "tcl-8.6.12-150300.14.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tcl-8.6.12-150300.14.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.s390x"
},
"product_reference": "tcl-8.6.12-150300.14.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tcl-8.6.12-150300.14.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.x86_64"
},
"product_reference": "tcl-8.6.12-150300.14.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tcl-32bit-8.6.12-150300.14.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-32bit-8.6.12-150300.14.3.1.x86_64"
},
"product_reference": "tcl-32bit-8.6.12-150300.14.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tcl-devel-8.6.12-150300.14.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.aarch64"
},
"product_reference": "tcl-devel-8.6.12-150300.14.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tcl-devel-8.6.12-150300.14.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.ppc64le"
},
"product_reference": "tcl-devel-8.6.12-150300.14.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tcl-devel-8.6.12-150300.14.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.s390x"
},
"product_reference": "tcl-devel-8.6.12-150300.14.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tcl-devel-8.6.12-150300.14.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.x86_64"
},
"product_reference": "tcl-devel-8.6.12-150300.14.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tk-8.6.12-150300.10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.aarch64"
},
"product_reference": "tk-8.6.12-150300.10.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tk-8.6.12-150300.10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.ppc64le"
},
"product_reference": "tk-8.6.12-150300.10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tk-8.6.12-150300.10.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.s390x"
},
"product_reference": "tk-8.6.12-150300.10.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tk-8.6.12-150300.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.x86_64"
},
"product_reference": "tk-8.6.12-150300.10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tk-32bit-8.6.12-150300.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-32bit-8.6.12-150300.10.3.1.x86_64"
},
"product_reference": "tk-32bit-8.6.12-150300.10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tk-devel-8.6.12-150300.10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.aarch64"
},
"product_reference": "tk-devel-8.6.12-150300.10.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tk-devel-8.6.12-150300.10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.ppc64le"
},
"product_reference": "tk-devel-8.6.12-150300.10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tk-devel-8.6.12-150300.10.3.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.s390x"
},
"product_reference": "tk-devel-8.6.12-150300.10.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tk-devel-8.6.12-150300.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.x86_64"
},
"product_reference": "tk-devel-8.6.12-150300.10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-35331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-35331"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-32bit-8.6.12-150300.14.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-32bit-8.6.12-150300.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-35331",
"url": "https://www.suse.com/security/cve/CVE-2021-35331"
},
{
"category": "external",
"summary": "SUSE Bug 1195257 for CVE-2021-35331",
"url": "https://bugzilla.suse.com/1195257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-32bit-8.6.12-150300.14.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-32bit-8.6.12-150300.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-32bit-8.6.12-150300.14.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-32bit-8.6.12-150300.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-16T06:16:05Z",
"details": "important"
}
],
"title": "CVE-2021-35331"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…