Security Advisory libtiff security update

Advisory: RHSA-2005:019-11
Type: Security Advisory
Severity: Important
Issued on: 2005-01-13
Last updated on: 2005-01-13
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-1183
CVE-2004-1308

Details

Updated libtiff packages that fix various integer overflows are now available.

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

iDEFENSE has reported an integer overflow bug that affects libtiff. An
attacker who has the ability to trick a user into opening a malicious TIFF
file could cause the application linked to libtiff to crash or possibly
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1308 to this issue.

Dmitry V. Levin reported another integer overflow in the tiffdump
utility. An attacker who has the ability to trick a user into opening a
malicious TIFF file with tiffdump could possibly execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1183 to this issue.

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/
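
To confirm after the update that hosts carry at least the fixed libtiff builds listed under "Updated packages" below, the following Python check is an added example and is not part of the Red Hat advisory. It assumes each host reports the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' libtiff`; the inventory lines, host names, older build numbers and the release labels "3" and "2.1" are constructed for illustration, and the comparison is a simplified form of rpm's version ordering that ignores epochs.

```python
import re

# Fixed libtiff builds named in this advisory, keyed by RHEL release.
# The keys "3" and "2.1" are labels chosen for this example.
FIXED = {"3": ("3.5.7", "22.el3"), "2.1": ("3.5.5", "19")}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm segment comparison: returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alpha
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(installed, release):
    """True if 'version-release' is at or above this advisory's build."""
    ver, dash, rel = installed.rpartition("-")
    if not dash:
        raise ValueError("expected version-release, got %r" % installed)
    fver, frel = FIXED[release]
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) >= 0

def unpatched_hosts(inventory):
    """Return hosts whose libtiff predates the fixed build."""
    out = []
    for line in inventory.strip().splitlines():
        host, release, installed = line.split()
        if not is_patched(installed, release):
            out.append(host)
    return out

# Constructed inventory: host, RHEL release, libtiff version-release.
SAMPLE = """
ws-01  3    3.5.7-14.el3
ws-02  3    3.5.7-22.el3
as-01  2.1  3.5.5-17
as-02  2.1  3.5.5-19
"""

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```

A host that passes this check is covered for this advisory only; the package list marks these builds as outdated by later errata.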

Updated packages

Red Hat Desktop (v. 3)

IA-32:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-devel-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 85e8a16f6b0a069ee6136eb05fd08271
 
x86_64:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-3.5.7-22.el3.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: a475413f7d6f4dee48624fbf0ab6cb53
libtiff-devel-3.5.7-22.el3.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 343b7da68281c2ec25351005bd1ab081
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
libtiff-3.5.5-19.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: ebdab894fe8b36793f3d277ecac3e870
libtiff-devel-3.5.5-19.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: 74c12e5af9b426a1c50bb906a50db452
 
IA-64:
libtiff-3.5.5-19.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: c6c4648dfb26f03792898db6e75025e2
libtiff-devel-3.5.5-19.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: 0e2f3a5d95535589bdc71c96f6740b40
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-devel-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 85e8a16f6b0a069ee6136eb05fd08271
 
IA-64:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-3.5.7-22.el3.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 19f8fab02cba5e20525f98eedf00b81d
libtiff-devel-3.5.7-22.el3.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: a8fe08e3128aeb918b9fd60f1750616a
 
PPC:
libtiff-3.5.7-22.el3.ppc.rpm
File outdated by:  RHSA-2010:0520
    MD5: b8d6bab0db333287b4737527f5f276b5
libtiff-3.5.7-22.el3.ppc64.rpm
File outdated by:  RHSA-2010:0520
    MD5: feee358ad4505b384359daefe9b14a5d
libtiff-devel-3.5.7-22.el3.ppc.rpm
File outdated by:  RHSA-2010:0520
    MD5: e9fd3b43c0b3d2adc9da465c09260e07
 
s390:
libtiff-3.5.7-22.el3.s390.rpm
File outdated by:  RHSA-2010:0520
    MD5: c532e0a2c9dbcd499499431aeccef2f5
libtiff-devel-3.5.7-22.el3.s390.rpm
File outdated by:  RHSA-2010:0520
    MD5: 87fc4f5c36a512ee3015e27159c0ca21
 
s390x:
libtiff-3.5.7-22.el3.s390.rpm
File outdated by:  RHSA-2010:0520
    MD5: c532e0a2c9dbcd499499431aeccef2f5
libtiff-3.5.7-22.el3.s390x.rpm
File outdated by:  RHSA-2010:0520
    MD5: 092ccc24332cc5664aee3425879c51e1
libtiff-devel-3.5.7-22.el3.s390x.rpm
File outdated by:  RHSA-2010:0520
    MD5: b5a4e320b091a5a2ccff69d50c8a57e3
 
x86_64:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-3.5.7-22.el3.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: a475413f7d6f4dee48624fbf0ab6cb53
libtiff-devel-3.5.7-22.el3.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 343b7da68281c2ec25351005bd1ab081
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
libtiff-3.5.5-19.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: ebdab894fe8b36793f3d277ecac3e870
libtiff-devel-3.5.5-19.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: 74c12e5af9b426a1c50bb906a50db452
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-devel-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 85e8a16f6b0a069ee6136eb05fd08271
 
IA-64:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-3.5.7-22.el3.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 19f8fab02cba5e20525f98eedf00b81d
libtiff-devel-3.5.7-22.el3.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: a8fe08e3128aeb918b9fd60f1750616a
 
x86_64:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-3.5.7-22.el3.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: a475413f7d6f4dee48624fbf0ab6cb53
libtiff-devel-3.5.7-22.el3.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 343b7da68281c2ec25351005bd1ab081
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
libtiff-3.5.5-19.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: ebdab894fe8b36793f3d277ecac3e870
libtiff-devel-3.5.5-19.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: 74c12e5af9b426a1c50bb906a50db452
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-devel-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 85e8a16f6b0a069ee6136eb05fd08271
 
IA-64:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-3.5.7-22.el3.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 19f8fab02cba5e20525f98eedf00b81d
libtiff-devel-3.5.7-22.el3.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: a8fe08e3128aeb918b9fd60f1750616a
 
x86_64:
libtiff-3.5.7-22.el3.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 92b6f791091a438b1b798907dcdac625
libtiff-3.5.7-22.el3.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: a475413f7d6f4dee48624fbf0ab6cb53
libtiff-devel-3.5.7-22.el3.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 343b7da68281c2ec25351005bd1ab081
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
libtiff-3.5.5-19.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: c6c4648dfb26f03792898db6e75025e2
libtiff-devel-3.5.5-19.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: 0e2f3a5d95535589bdc71c96f6740b40
 

Bugs fixed (see bugzilla for more information)

143505 - CAN-2004-1308 LibTIFF Directory Entry Count Integer Overflow Vulnerability
143577 - libtiff integer overflow.


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/