SCIENTIFIC-LINUX-ERRATA Archives

December 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To: Pat Riehecky <[log in to unmask]>
Date: Wed, 19 Dec 2012 09:45:16 -0600
Content-Type: text/plain
Parts/Attachments: text/plain (64 lines)
Synopsis:          Moderate: libtiff security update
Issue Date:        2012-12-18
CVE Numbers:       CVE-2012-3401
                    CVE-2012-4447
                    CVE-2012-5581
                    CVE-2012-4564
--

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF images using the Pixar Log Format encoding. An attacker could
create a specially-crafted TIFF file that, when opened, could cause an
application using libtiff to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-4447)

A stack-based buffer overflow flaw was found in the way libtiff handled
DOTRANGE tags. An attacker could use this flaw to create a specially-crafted
TIFF file that, when opened, would cause an application linked against libtiff
to crash or, possibly, execute arbitrary code. (CVE-2012-5581)

A heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker
could use this flaw to create a specially-crafted TIFF file that would cause
tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-3401)

A missing return value check flaw, leading to a heap-based buffer overflow, was
found in the ppm2tiff tool. An attacker could use this flaw to create a
specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to
crash or, possibly, execute arbitrary code. (CVE-2012-4564)

All running applications linked against libtiff must be restarted for this
update to take effect.
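The restart requirement above is the part that is easy to miss after `yum update`. The following shell script is an added example for this page, not part of the advisory or of Scientific Linux tooling: it compares the installed libtiff against the fixed version-release listed below for SL5 and SL6, and reports processes that still map a libtiff file that has been replaced on disk (shown as "(deleted)" in /proc/PID/maps). It assumes GNU `sort -V` for version ordering (rpmdev-vercmp is the exact tool) and needs root to read every process's maps file.

```shell
#!/bin/sh
# Added example for this advisory (not part of the original mail): checks the
# installed libtiff against the fixed versions and finds processes that still
# map a replaced (pre-update) libtiff and therefore need a restart.

# Fixed version-release for each release tag in the advisory's RPM names.
fixed_version_for() {
  case "$1" in
    *el5*) echo "3.8.2-18.el5_8" ;;
    *el6*) echo "3.9.4-9.el6_3" ;;
    *) echo "unknown" ;;
  esac
}

# Print "ok" if installed version-release ($1) >= fixed ($2), else "outdated".
# Assumption: GNU sort -V orders these strings correctly (rpmdev-vercmp is exact).
libtiff_is_fixed() {
  lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
  if [ "$lowest" = "$2" ]; then echo ok; else echo outdated; fi
}

# Given the text of one /proc/PID/maps, print "yes" if a libtiff that has been
# replaced on disk (marked "(deleted)" by the kernel) is still mapped.
needs_restart() {
  if printf '%s\n' "$1" | grep -q 'libtiff\.so[^ ]* (deleted)'; then
    echo yes
  else
    echo no
  fi
}

# Walk every readable maps file; run as root to see all processes.
list_processes_needing_restart() {
  for maps in /proc/[0-9]*/maps; do
    pid=${maps#/proc/}; pid=${pid%/maps}
    [ -r "$maps" ] || continue
    if [ "$(needs_restart "$(cat "$maps" 2>/dev/null)")" = yes ]; then
      printf '%s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)"
    fi
  done
}

# Constructed sample of a maps line from a process still using the old library.
SAMPLE_MAPS='7f1c2a000000-7f1c2a040000 r-xp 00000000 08:01 123456 /usr/lib64/libtiff.so.3.9.4 (deleted)'
echo "sample process needs restart: $(needs_restart "$SAMPLE_MAPS")"

if rpm -q libtiff >/dev/null 2>&1; then
  installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' libtiff | head -n 1)
  echo "libtiff $installed: $(libtiff_is_fixed "$installed" "$(fixed_version_for "$installed")")"
  list_processes_needing_restart
fi
```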
--

SL5
   x86_64
     libtiff-3.8.2-18.el5_8.i386.rpm
     libtiff-3.8.2-18.el5_8.x86_64.rpm
     libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
     libtiff-debuginfo-3.8.2-18.el5_8.x86_64.rpm
     libtiff-devel-3.8.2-18.el5_8.i386.rpm
     libtiff-devel-3.8.2-18.el5_8.x86_64.rpm
   i386
     libtiff-3.8.2-18.el5_8.i386.rpm
     libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
     libtiff-devel-3.8.2-18.el5_8.i386.rpm
SL6
   x86_64
     libtiff-3.9.4-9.el6_3.i686.rpm
     libtiff-3.9.4-9.el6_3.x86_64.rpm
     libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
     libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm
     libtiff-devel-3.9.4-9.el6_3.i686.rpm
     libtiff-devel-3.9.4-9.el6_3.x86_64.rpm
     libtiff-static-3.9.4-9.el6_3.x86_64.rpm
   i386
     libtiff-3.9.4-9.el6_3.i686.rpm
     libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
     libtiff-devel-3.9.4-9.el6_3.i686.rpm
     libtiff-static-3.9.4-9.el6_3.i686.rpm

- Scientific Linux Development Team
