Synopsis: Important: libtiff security update Issue date: 2011-04-18 CVE Names: CVE-2009-5022 A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF image files that were compressed with the JPEG compression algorithm. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2009-5022) All running applications linked against libtiff must be restarted for this update to take effect. SL 6.x SRPMS: libtiff-3.9.4-1.el6_0.3.src.rpm i386: libtiff-3.9.4-1.el6_0.3.i686.rpm libtiff-devel-3.9.4-1.el6_0.3.i686.rpm libtiff-static-3.9.4-1.el6_0.3.i686.rpm x86_64: libtiff-3.9.4-1.el6_0.3.i686.rpm libtiff-3.9.4-1.el6_0.3.x86_64.rpm libtiff-devel-3.9.4-1.el6_0.3.i686.rpm libtiff-devel-3.9.4-1.el6_0.3.x86_64.rpm libtiff-static-3.9.4-1.el6_0.3.x86_64.rpm - Scientific Linux Development Team