Synopsis:	Important: libtiff security update
Issue date:	2008-08-28
CVE Names:	CVE-2008-2327 CVE-2006-2193

Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)

SL4: A buffer overflow flaw was discovered in the tiff2pdf conversion program
distributed with libtiff. An attacker could create a TIFF file containing
UTF-8 characters that would, when converted to PDF format, cause tiff2pdf
to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)

SL4 & SL5:
Additionally, these updated packages fix the following bug:

* The libtiff packages included manual pages for the sgi2tiff and tiffsv
commands, which are not included in these packages. These extraneous manual
pages were removed.

SL 3.0.x

      SRPMS:
libtiff-3.5.7-31.el3.src.rpm
      i386:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-devel-3.5.7-31.el3.i386.rpm
      x86_64:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-3.5.7-31.el3.x86_64.rpm
libtiff-devel-3.5.7-31.el3.x86_64.rpm

SL 4.x

      SRPMS:
libtiff-3.6.1-12.el4_7.2.src.rpm
      i386:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-devel-3.6.1-12.el4_7.2.i386.rpm
      x86_64:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-devel-3.6.1-12.el4_7.2.x86_64.rpm

SL 5.x

      SRPMS:
libtiff-3.8.2-7.el5_2.2.src.rpm
      i386:
libtiff-3.8.2-7.el5_2.2.i386.rpm
libtiff-devel-3.8.2-7.el5_2.2.i386.rpm
      x86_64:
libtiff-3.8.2-7.el5_2.2.i386.rpm
libtiff-3.8.2-7.el5_2.2.x86_64.rpm
libtiff-devel-3.8.2-7.el5_2.2.i386.rpm
libtiff-devel-3.8.2-7.el5_2.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
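
To check hosts against the fixed builds listed above, the following added example (not part of the original advisory) compares an installed libtiff version-release with the fixed build for each SL release. The comparison is a simplified re-implementation of rpm's segment ordering, and the function names and the sample input are assumptions made for illustration.

```python
import re

# Fixed libtiff builds (version, release) listed in this advisory, by SL major release.
FIXED = {
    "3": ("3.5.7", "31.el3"),
    "4": ("3.6.1", "12.el4_7.2"),
    "5": ("3.8.2", "7.el5_2.2"),
}

def _segments(label):
    # rpm ignores separators and splits between runs of digits and runs of letters.
    return re.findall(r"[0-9]+|[A-Za-z]+", label)

def rpm_label_cmp(a, b):
    """Return -1, 0 or 1 using rpm-style segment ordering (simplified: no '~' or '^')."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the label with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(sl_major, version, release):
    """True if the installed version-release is at or above the advisory's fixed build."""
    fixed_version, fixed_release = FIXED[sl_major]
    result = rpm_label_cmp(version, fixed_version)
    if result == 0:
        result = rpm_label_cmp(release, fixed_release)
    return result >= 0

def audit(sl_major, query_output):
    # Expects one "VERSION RELEASE" pair per line, e.g. from:
    #   rpm -q --qf '%{VERSION} %{RELEASE}\n' libtiff
    lines = [l for l in query_output.splitlines() if l.strip()]
    return [(l, is_fixed(sl_major, *l.split())) for l in lines]

# Constructed sample input (not real host output): one older build, one fixed build.
SAMPLE = "3.8.2 7.el5\n3.8.2 7.el5_2.2\n"

if __name__ == "__main__":
    for line, ok in audit("5", SAMPLE):
        print(line, "fixed" if ok else "NEEDS UPDATE")
```

On multilib x86_64 systems both the i386 and x86_64 libtiff packages are installed, so the rpm query returns one line per architecture and each must report as fixed.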