Security Advisory: libtiff security update

Advisory: RHSA-2004:577-16
Type: Security Advisory
Severity: Important
Issued on: 2004-10-22
Last updated on: 2004-10-22
Affected Products:
    Red Hat Desktop (v. 3)
    Red Hat Enterprise Linux AS (v. 2.1)
    Red Hat Enterprise Linux AS (v. 3)
    Red Hat Enterprise Linux ES (v. 2.1)
    Red Hat Enterprise Linux ES (v. 3)
    Red Hat Enterprise Linux WS (v. 2.1)
    Red Hat Enterprise Linux WS (v. 3)
    Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org):
    CVE-2004-0803
    CVE-2004-0804
    CVE-2004-0886
    CVE-2004-1307

Details

Updated libtiff packages that fix various buffer and integer overflows are
now available.

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files. TIFF is a widely used file
format for bitmapped images.

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. An attacker who has the ability to trick
a user into opening a malicious TIFF file could cause the application
linked to libtiff to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0886 and CAN-2004-0804 to these issues.

Additionally, a number of buffer overflow bugs that affect libtiff have
been found. An attacker who has the ability to trick a user into opening a
malicious TIFF file could cause the application linked to libtiff to crash
or possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0803 to
this issue.

All users are advised to upgrade to these errata packages, which contain
fixes for these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/
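
A post-update check, added here as an example (not part of Red Hat's advisory): it compares an installed libtiff version-release with the fixed builds listed under "Updated packages" below (3.5.5-17 for the v. 2.1 products, 3.5.7-20.1 for the v. 3 products). The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Added example: function names are hypothetical. Fixed builds come from the
# advisory's "Updated packages" list.

# fixed_for_release PRODUCT_VERSION -> fixed libtiff version-release
fixed_for_release() {
    case "$1" in
        2.1) echo "3.5.5-17" ;;
        3)   echo "3.5.7-20.1" ;;
        *)   return 1 ;;
    esac
}

# vr_at_least INSTALLED FIXED: succeeds when INSTALLED sorts at or after FIXED.
# Assumption: GNU `sort -V` ordering stands in for RPM's own comparison.
vr_at_least() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# libtiff_status INSTALLED_VR PRODUCT_VERSION -> fixed | vulnerable | unknown-release
libtiff_status() {
    fixed=$(fixed_for_release "$2") || { echo "unknown-release"; return 0; }
    if vr_at_least "$1" "$fixed"; then echo "fixed"; else echo "vulnerable"; fi
}

# check_host PRODUCT_VERSION: classify every installed libtiff build
# (multilib hosts carry more than one architecture of the package).
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 0; }
    rpm -q libtiff >/dev/null 2>&1 || { echo "libtiff not installed"; return 0; }
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' libtiff | while read -r vr; do
        echo "libtiff-$vr: $(libtiff_status "$vr" "$1")"
    done
}

# Usage: sh check_libtiff.sh 3      (or 2.1)
if [ $# -gt 0 ]; then check_host "$1"; fi
```

Applications that were already running keep the old library mapped until they are restarted, so a "fixed" result only describes the package on disk.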

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
libtiff-3.5.7-20.1.src.rpm
File outdated by:  RHSA-2010:0520
    MD5: 63d28c10b3bd0c697395b236c675fc79
 
IA-32:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-devel-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 41d907de858669e84d1a2c9bad3c5051
 
x86_64:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-3.5.7-20.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 47246fe4da56c5bd5c75c35a50d7ad7c
libtiff-devel-3.5.7-20.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 51458cc4571eff6f68fa528b19acbd68
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
libtiff-3.5.5-17.src.rpm
File outdated by:  RHSA-2008:0863
    MD5: 81fdc07747655ddf15df50f3e091bd88
 
IA-32:
libtiff-3.5.5-17.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: 3c3cfb6ea1d426f7dfaf3eba049b01fa
libtiff-devel-3.5.5-17.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: bed65897ba0f56dd646cfe108d16ec53
 
IA-64:
libtiff-3.5.5-17.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: 2dd106332e7f94e7c1b68a259b697527
libtiff-devel-3.5.5-17.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: f55c05ad31942a5c55e05afc3f1cffac
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
libtiff-3.5.7-20.1.src.rpm
File outdated by:  RHSA-2010:0520
    MD5: 63d28c10b3bd0c697395b236c675fc79
 
IA-32:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-devel-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 41d907de858669e84d1a2c9bad3c5051
 
IA-64:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-3.5.7-20.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 223bd77614b274ea88e82cc2b7179fc5
libtiff-devel-3.5.7-20.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: f28363290fa144bdc459ff3804cdf5aa
 
PPC:
libtiff-3.5.7-20.1.ppc.rpm
File outdated by:  RHSA-2010:0520
    MD5: 10659dd13f97307f8066a4807f941264
libtiff-3.5.7-20.1.ppc64.rpm
File outdated by:  RHSA-2010:0520
    MD5: b439935cb94f59e804e51ec43bf1f990
libtiff-devel-3.5.7-20.1.ppc.rpm
File outdated by:  RHSA-2010:0520
    MD5: baf93839e20c42f0a60690a19eabd883
 
s390:
libtiff-3.5.7-20.1.s390.rpm
File outdated by:  RHSA-2010:0520
    MD5: 1455a42e3976cae523bf87e3708ff35e
libtiff-devel-3.5.7-20.1.s390.rpm
File outdated by:  RHSA-2010:0520
    MD5: 8a4ba4c7c08f3c7774b1596ff10ba15a
 
s390x:
libtiff-3.5.7-20.1.s390.rpm
File outdated by:  RHSA-2010:0520
    MD5: 1455a42e3976cae523bf87e3708ff35e
libtiff-3.5.7-20.1.s390x.rpm
File outdated by:  RHSA-2010:0520
    MD5: a3be3779774c347e96d761cbd97ff898
libtiff-devel-3.5.7-20.1.s390x.rpm
File outdated by:  RHSA-2010:0520
    MD5: bc686fba5bea3978cdfaa99134615e77
 
x86_64:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-3.5.7-20.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 47246fe4da56c5bd5c75c35a50d7ad7c
libtiff-devel-3.5.7-20.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 51458cc4571eff6f68fa528b19acbd68
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
libtiff-3.5.5-17.src.rpm
File outdated by:  RHSA-2008:0863
    MD5: 81fdc07747655ddf15df50f3e091bd88
 
IA-32:
libtiff-3.5.5-17.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: 3c3cfb6ea1d426f7dfaf3eba049b01fa
libtiff-devel-3.5.5-17.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: bed65897ba0f56dd646cfe108d16ec53
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
libtiff-3.5.7-20.1.src.rpm
File outdated by:  RHSA-2010:0520
    MD5: 63d28c10b3bd0c697395b236c675fc79
 
IA-32:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-devel-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 41d907de858669e84d1a2c9bad3c5051
 
IA-64:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-3.5.7-20.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 223bd77614b274ea88e82cc2b7179fc5
libtiff-devel-3.5.7-20.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: f28363290fa144bdc459ff3804cdf5aa
 
x86_64:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-3.5.7-20.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 47246fe4da56c5bd5c75c35a50d7ad7c
libtiff-devel-3.5.7-20.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 51458cc4571eff6f68fa528b19acbd68
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
libtiff-3.5.5-17.src.rpm
File outdated by:  RHSA-2008:0863
    MD5: 81fdc07747655ddf15df50f3e091bd88
 
IA-32:
libtiff-3.5.5-17.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: 3c3cfb6ea1d426f7dfaf3eba049b01fa
libtiff-devel-3.5.5-17.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: bed65897ba0f56dd646cfe108d16ec53
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
libtiff-3.5.7-20.1.src.rpm
File outdated by:  RHSA-2010:0520
    MD5: 63d28c10b3bd0c697395b236c675fc79
 
IA-32:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-devel-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 41d907de858669e84d1a2c9bad3c5051
 
IA-64:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-3.5.7-20.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 223bd77614b274ea88e82cc2b7179fc5
libtiff-devel-3.5.7-20.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: f28363290fa144bdc459ff3804cdf5aa
 
x86_64:
libtiff-3.5.7-20.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 818848dcbf461a6f37790579d8c80f0f
libtiff-3.5.7-20.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 47246fe4da56c5bd5c75c35a50d7ad7c
libtiff-devel-3.5.7-20.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 51458cc4571eff6f68fa528b19acbd68
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
libtiff-3.5.5-17.src.rpm
File outdated by:  RHSA-2008:0863
    MD5: 81fdc07747655ddf15df50f3e091bd88
 
IA-64:
libtiff-3.5.5-17.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: 2dd106332e7f94e7c1b68a259b697527
libtiff-devel-3.5.5-17.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: f55c05ad31942a5c55e05afc3f1cffac
 

Bugs fixed (see bugzilla for more information)

134847 - CAN-2004-0803 buffer overflows in libtiff
134850 - CAN-2004-0886 multiple integer overflows in libtiff


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/