RHBA-2011:1686 - Bug Fix Advisory

Topic

An updated tcsh package that fixes various bugs is now available for Red Hat
Enterprise Linux 6.

Description

Tcsh is an enhanced and compatible version of the C shell (csh). It is a command
language interpreter, which can be used as an interactive login shell, as well
as a shell script command processor.

This updated tcsh package includes fixes for the following bugs:

• Under certain circumstances when using the cwd symbolic link, a null pointer

may have been incorrectly dereferenced, causing the tcsh shell to terminate
unexpectedly. With this update, the pointer is now checked properly and tcsh no
longer crashes. (BZ#700309)

• This package fixes the return value of the "status" (or "$?") variable in the

case of pipelines and backquoted commands. The "anyerror" variable, which
selects the behavior, has been added to retain backward compatibility.
(BZ#658190)

• If the tcsh shell redirected standard output to a child process using a pipe

and this child process terminated, the shell tried to print a message to the
already-closed pipe as a high-priority event that could never been finished. As
a consequence, tcsh entered an infinite loop and consumed up to 100% of the CPU.
To fix this issue, this error event is now removed from the event queue before
the shell tries to write it to the broken pipe. As result, the parent process
terminates ordinarily. (BZ#690356)

• Prior to this update, the blkend() function was called redundantly in the tsch

code. These calls had no effect on tcsh functionality and thus they have been
removed. Tcsh functionality remains unchanged and the code is now more
effective. (BZ#684063)

• The tcsh shell allowed variables to named in incorrect formats, such as by

allowing a variable name to begin with a digit. This issue has been fixed:
variable names are now verified according to Unix variable-naming conventions.
(BZ#672592)

All users of tcsh are advised to upgrade to this updated package, which resolves
these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 658190 - Incorrect value of $status ($?) in case of pipelines
• BZ - 672592 - It should not be allowed if environment variable begins with a digit
• BZ - 684063 - code defects in tcsh-6.17.00-glob-automount.patch
• BZ - 690356 - tcsh doesn't exit when child killed, consumes 100% cpu
• BZ - 700309 - null pointer dereference crashes tcsh

CVEs

(none)

References

(none)