Date: Fri, 29 Aug 2008 14:24:10 -0500
Synopsis: Important: libtiff security update
Issue date: 2008-08-28
CVE Names: CVE-2008-2327 CVE-2006-2193

Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)

SL4: A buffer overflow flaw was discovered in the tiff2pdf conversion program
distributed with libtiff. An attacker could create a TIFF file containing
UTF-8 characters that would, when converted to PDF format, cause tiff2pdf
to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)

SL4 & SL5: Additionally, these updated packages fix the following bug:

* the libtiff packages included manual pages for the sgi2tiff and tiffsv
commands, which are not included in these packages. These extraneous manual
pages were removed.

SL 3.0.x
SRPMS:
libtiff-3.5.7-31.el3.src.rpm
i386:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-devel-3.5.7-31.el3.i386.rpm
x86_64:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-3.5.7-31.el3.x86_64.rpm
libtiff-devel-3.5.7-31.el3.x86_64.rpm

SL 4.x
SRPMS:
libtiff-3.6.1-12.el4_7.2.src.rpm
i386:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-devel-3.6.1-12.el4_7.2.i386.rpm
x86_64:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-devel-3.6.1-12.el4_7.2.x86_64.rpm

SL 5.x
SRPMS:
libtiff-3.8.2-7.el5_2.2.src.rpm
i386:
libtiff-3.8.2-7.el5_2.2.i386.rpm
libtiff-devel-3.8.2-7.el5_2.2.i386.rpm
x86_64:
libtiff-3.8.2-7.el5_2.2.i386.rpm
libtiff-3.8.2-7.el5_2.2.x86_64.rpm
libtiff-devel-3.8.2-7.el5_2.2.i386.rpm
libtiff-devel-3.8.2-7.el5_2.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
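
Added example, not part of the original advisory: a small checker that compares installed libtiff package strings against the fixed version-release values listed above for each SL release. The function names, the simplified RPM-style comparison (no epoch, `~` or `^` handling) and the sample inputs are assumptions made for illustration.

```python
import re

# Fixed version-release per dist tag, copied from this advisory's package lists.
FIXED = {
    "el3": ("3.5.7", "31.el3"),
    "el4": ("3.6.1", "12.el4_7.2"),
    "el5": ("3.8.2", "7.el5_2.2"),
}

def rpmvercmp(a, b):
    """Simplified RPM-style comparison (assumption: no epoch, '~' or '^')."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # compare numbers numerically
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def check(nvr):
    """Classify one 'name-version-release' string against the advisory."""
    parts = nvr.strip().rsplit("-", 2)
    if len(parts) != 3 or parts[0] not in ("libtiff", "libtiff-devel"):
        return "unknown"
    _, version, release = parts
    dist = re.search(r"el[345]", release)
    if not dist:
        return "unknown"
    fixed_version, fixed_release = FIXED[dist.group()]
    cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "fixed" if cmp >= 0 else "needs update"

# Constructed sample input, in the shape printed by:
#   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' libtiff libtiff-devel
SAMPLE = ["libtiff-3.8.2-7.el5_2.2", "libtiff-devel-3.8.2-7.el5",
          "libtiff-3.6.1-12.el4_7.2", "libtiff-3.5.7-30.el3"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{line}: {check(line)}")
```

On x86_64 hosts both the i386 and x86_64 libtiff packages may be installed, so each line of the query output should be checked separately.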