Synopsis:    Important: libtiff security update
Issue date:  2008-08-28
CVE Names:   CVE-2008-2327 CVE-2006-2193

Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)

SL4:
A buffer overflow flaw was discovered in the tiff2pdf conversion program
distributed with libtiff. An attacker could create a TIFF file containing
UTF-8 characters that would, when converted to PDF format, cause tiff2pdf
to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)

SL4 & SL5:
Additionally, these updated packages fix the following bug:

* the libtiff packages included manual pages for the sgi2tiff and tiffsv
  commands, which are not included in these packages. These extraneous
  manual pages were removed.

SL 3.0.x

  SRPMS:
    libtiff-3.5.7-31.el3.src.rpm
  i386:
    libtiff-3.5.7-31.el3.i386.rpm
    libtiff-devel-3.5.7-31.el3.i386.rpm
  x86_64:
    libtiff-3.5.7-31.el3.i386.rpm
    libtiff-3.5.7-31.el3.x86_64.rpm
    libtiff-devel-3.5.7-31.el3.x86_64.rpm

SL 4.x

  SRPMS:
    libtiff-3.6.1-12.el4_7.2.src.rpm
  i386:
    libtiff-3.6.1-12.el4_7.2.i386.rpm
    libtiff-devel-3.6.1-12.el4_7.2.i386.rpm
  x86_64:
    libtiff-3.6.1-12.el4_7.2.i386.rpm
    libtiff-3.6.1-12.el4_7.2.x86_64.rpm
    libtiff-devel-3.6.1-12.el4_7.2.x86_64.rpm

SL 5.x

  SRPMS:
    libtiff-3.8.2-7.el5_2.2.src.rpm
  i386:
    libtiff-3.8.2-7.el5_2.2.i386.rpm
    libtiff-devel-3.8.2-7.el5_2.2.i386.rpm
  x86_64:
    libtiff-3.8.2-7.el5_2.2.i386.rpm
    libtiff-3.8.2-7.el5_2.2.x86_64.rpm
    libtiff-devel-3.8.2-7.el5_2.2.i386.rpm
    libtiff-devel-3.8.2-7.el5_2.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
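
An added example, not part of the original advisory: a shell check that compares installed libtiff packages against the fixed version-release strings listed above for each SL release. The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed libtiff version-release per SL major release, as listed in the advisory.
fixed_evr() {
    case "$1" in
        3) echo "3.5.7-31.el3" ;;
        4) echo "3.6.1-12.el4_7.2" ;;
        5) echo "3.8.2-7.el5_2.2" ;;
        *) return 1 ;;
    esac
}

# Succeeds if $1 sorts strictly before $2.
# Assumption: GNU sort -V stands in for rpm's own version comparison.
evr_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_libtiff MAJOR
# Reads "name version-release arch" lines on stdin, e.g. produced by:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' libtiff libtiff-devel
# Returns 0 if all libtiff packages are at or above the fixed build,
# 1 if any is older, 2 if the release is not covered by the advisory.
check_libtiff() {
    fixed=$(fixed_evr "$1") || { echo "unknown release: $1" >&2; return 2; }
    status=0
    while read -r name evr arch; do
        case "$name" in
            libtiff|libtiff-devel) ;;
            *) continue ;;          # ignore unrelated packages
        esac
        if evr_lt "$evr" "$fixed"; then
            echo "VULNERABLE $name-$evr.$arch (fixed in $fixed)"
            status=1
        else
            echo "OK $name-$evr.$arch"
        fi
    done
    return $status
}

# Constructed sample input (not real host output): an SL5 x86_64 host with
# an i386 libtiff that was left behind at an older build.
printf '%s\n' \
    'libtiff 3.8.2-7.el5_2.2 x86_64' \
    'libtiff 3.8.2-7.el5_2.1 i386' \
    'libtiff-devel 3.8.2-7.el5_2.2 x86_64' | check_libtiff 5 || true
```

On x86_64 hosts both the i386 and x86_64 builds are installed side by side, so each architecture is reported on its own line.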