Synopsis: Important: libtiff security update Issue date: 2010-07-08 CVE Names: CVE-2010-1411 CVE-2010-2481 CVE-2010-2483 CVE-2010-2595 CVE-2010-2597 CVE-2010-2598 Multiple integer overflow flaws, leading to a buffer overflow, were discovered in libtiff. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2010-1411) Multiple input validation flaws were discovered in libtiff. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash. (CVE-2010-2481, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597) - SL4, SL5 An input validation flaw was discovered in libtiff. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash. (CVE-2010-2598) - SL3 All runningapplications linked against libtiff must be restarted for this update to take effect. SL 3.0.x SRPMS: libtiff-3.5.7-34.el3.src.rpm i386: libtiff-3.5.7-34.el3.i386.rpm libtiff-devel-3.5.7-34.el3.i386.rpm x86_64: libtiff-3.5.7-34.el3.i386.rpm libtiff-3.5.7-34.el3.x86_64.rpm libtiff-devel-3.5.7-34.el3.x86_64.rpm SL 4.x SRPMS: libtiff-3.6.1-12.el4_8.5.src.rpm i386: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-devel-3.6.1-12.el4_8.5.i386.rpm x86_64: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-3.6.1-12.el4_8.5.x86_64.rpm libtiff-devel-3.6.1-12.el4_8.5.x86_64.rpm SL 5.x SRPMS: libtiff-3.8.2-7.el5_5.5.src.rpm i386: libtiff-3.8.2-7.el5_5.5.i386.rpm libtiff-devel-3.8.2-7.el5_5.5.i386.rpm x86_64: libtiff-3.8.2-7.el5_5.5.i386.rpm libtiff-3.8.2-7.el5_5.5.x86_64.rpm libtiff-devel-3.8.2-7.el5_5.5.i386.rpm libtiff-devel-3.8.2-7.el5_5.5.x86_64.rpm -Connie Sieh -Troy Dawson