Security Advisories (7)
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
- http://www.postgresql.org/about/news.905
- http://www.securityfocus.com/bid/27163
- http://securitytracker.com/id?1019157
- http://secunia.com/advisories/28359
- http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
- http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
- https://issues.rpath.com/browse/RPL-1768
- http://www.debian.org/security/2008/dsa-1460
- http://www.debian.org/security/2008/dsa-1463
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28455
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://secunia.com/advisories/28679
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://secunia.com/advisories/28698
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- http://secunia.com/advisories/29638
- http://www.vupen.com/english/advisories/2008/1071/references
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://www.vupen.com/english/advisories/2008/0109
- http://www.vupen.com/english/advisories/2008/0061
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39499
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804
- https://usn.ubuntu.com/568-1/
- http://www.securityfocus.com/archive/1/486407/100/0/threaded
- http://www.securityfocus.com/archive/1/485864/100/0/threaded
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
- https://rt.cpan.org/Ticket/Display.html?id=143579
- https://www.openwall.com/lists/oss-security/2022/03/24/1
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- http://www.openwall.com/lists/oss-security/2022/03/25/2
- http://www.openwall.com/lists/oss-security/2022/03/26/1
- https://www.openwall.com/lists/oss-security/2022/03/28/1
- https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
- https://www.openwall.com/lists/oss-security/2022/03/28/3
- https://github.com/madler/zlib/issues/605
- https://www.debian.org/security/2022/dsa-5111
- https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
- https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- https://security.netapp.com/advisory/ntap-20220526-0009/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
- http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
- http://code.google.com/p/chromium/issues/detail?id=116162
- http://src.chromium.org/viewvc/chrome?view=rev&revision=125311
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
- https://bugzilla.redhat.com/show_bug.cgi?id=799000
- http://secunia.com/advisories/48485
- http://secunia.com/advisories/48512
- http://secunia.com/advisories/48554
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html
- http://secunia.com/advisories/48320
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html
- http://secunia.com/advisories/49660
- http://security.gentoo.org/glsa/glsa-201206-15.xml
- http://www.securitytracker.com/id?1026823
- http://rhn.redhat.com/errata/RHSA-2012-0488.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:033
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html
- http://www.debian.org/security/2012/dsa-2439
- http://rhn.redhat.com/errata/RHSA-2012-0407.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
- http://www.openwall.com/lists/oss-security/2016/12/30/4
- http://www.openwall.com/lists/oss-security/2016/12/29/2
- http://www.securityfocus.com/bid/95157
- https://security.gentoo.org/glsa/201701-74
- https://usn.ubuntu.com/3712-2/
- https://usn.ubuntu.com/3712-1/
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
- http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
- http://www.postgresql.org/about/news.905
- http://www.securityfocus.com/bid/27163
- http://securitytracker.com/id?1019157
- http://secunia.com/advisories/28359
- http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
- https://issues.rpath.com/browse/RPL-1768
- http://www.debian.org/security/2008/dsa-1460
- http://www.debian.org/security/2008/dsa-1463
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28455
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://secunia.com/advisories/28679
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://secunia.com/advisories/28698
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://www.redhat.com/support/errata/RHSA-2008-0134.html
- http://secunia.com/advisories/29070
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:059
- http://secunia.com/advisories/29248
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- http://secunia.com/advisories/29638
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- http://secunia.com/advisories/30535
- http://www.vupen.com/english/advisories/2008/1071/references
- http://www.vupen.com/english/advisories/2008/0109
- http://www.vupen.com/english/advisories/2008/1744
- http://www.vupen.com/english/advisories/2008/0061
- http://rhn.redhat.com/errata/RHSA-2013-0122.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39497
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569
- https://usn.ubuntu.com/568-1/
- http://www.securityfocus.com/archive/1/493080/100/0/threaded
- http://www.securityfocus.com/archive/1/486407/100/0/threaded
- http://www.securityfocus.com/archive/1/485864/100/0/threaded
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
- http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
- http://www.postgresql.org/about/news.905
- http://www.securityfocus.com/bid/27163
- http://securitytracker.com/id?1019157
- http://secunia.com/advisories/28359
- http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
- https://issues.rpath.com/browse/RPL-1768
- http://www.debian.org/security/2008/dsa-1460
- http://www.debian.org/security/2008/dsa-1463
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
- http://www.redhat.com/support/errata/RHSA-2008-0038.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
- http://secunia.com/advisories/28376
- http://secunia.com/advisories/28438
- http://secunia.com/advisories/28437
- http://secunia.com/advisories/28454
- http://secunia.com/advisories/28464
- http://secunia.com/advisories/28477
- http://secunia.com/advisories/28479
- http://secunia.com/advisories/28455
- http://security.gentoo.org/glsa/glsa-200801-15.xml
- http://secunia.com/advisories/28679
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://secunia.com/advisories/28698
- http://www.redhat.com/support/errata/RHSA-2008-0040.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
- http://secunia.com/advisories/29638
- http://www.vupen.com/english/advisories/2008/1071/references
- http://www.vupen.com/english/advisories/2008/0109
- http://www.vupen.com/english/advisories/2008/0061
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://rhn.redhat.com/errata/RHSA-2013-0122.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39498
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235
- https://usn.ubuntu.com/568-1/
- http://www.securityfocus.com/archive/1/486407/100/0/threaded
- http://www.securityfocus.com/archive/1/485864/100/0/threaded
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
- https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE
- http://www.securityfocus.com/bid/109269
- https://support.f5.com/csp/article/K88124225
- https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS
- https://security.netapp.com/advisory/ntap-20220506-0003/
NAME
Tk::Dialog - Create modal dialog and wait for a response.
SYNOPSIS
$dialog = $parent->Dialog(-option => value, ... );
DESCRIPTION
This procedure is part of the Tk script library - its arguments describe a dialog box. After creating a dialog box, Dialog waits for the user to select one of the Buttons either by clicking on the Button with the mouse or by typing return to invoke the default Button (if any). Then it returns the text string of the selected Button.
While waiting for the user to respond, Dialog sets a local grab. This prevents the user from interacting with the application in any way except to invoke the dialog box. See the Show() method.
OPTIONS
The following option/value pairs are supported:
- -title
-
Text to appear in the window manager's title bar for the dialog.
- -text
-
Message to appear in the top portion of the Dialog.
- -bitmap
-
If non-empty, specifies a bitmap to display in the top portion of the Dialog, to the left of the text. If this is an empty string then no bitmap is displayed in the Dialog.
- -default_button
-
Text label string of the Button that displays the default ring.
- -buttons
-
A reference to a list of Button label strings. Each string specifies text to display in a Button, in order from left to right.
METHODS
- $answer = $dialog->Show(?-global?);
-
This method displays the Dialog, waits for the user's response, and stores the text string of the selected Button in $answer. If -global is specified a global (rather than local) grab is performed.
The actual Dialog is shown using the Popup method. Any other options supplied to Show are passed to Popup, and can be used to position the Dialog on the screen. Please read Tk::Popup for details.
ADVERTISED WIDGETS
Because Tk::Dialog is a subclass of Tk::DialogBox it inherits all the advertised subwidgets of its superclass: e.g. "B_button-text", where 'button-text' is a Button's -text value. Additionally, Tk::Dialog advertises:
- message
-
The dialog's Label widget containing the message text.
- bitmap
-
The dialog's Label widget containing the bitmap image.
EXAMPLE
$dialog = $mw->Dialog(-text => 'Save File?', -bitmap => 'question', -title => 'Save File Dialog', -default_button => 'Yes', -buttons => [qw/Yes No Cancel/);
KEYWORDS
bitmap, dialog, modal, messageBox
Module Install Instructions
To install Tk, copy and paste the appropriate command in to your terminal.
cpanm Tkperl -MCPAN -e shell
install TkFor more information on module installation, please visit the detailed CPAN module installation guide.