Skip to navigation

Security Advisory libtiff security update

Advisory: RHSA-2006:0425-5
Type: Security Advisory
Severity: Important
Issued on: 2006-05-09
Last updated on: 2006-05-09
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2006-2024
CVE-2006-2025
CVE-2006-2026
CVE-2006-2120

Details

Updated libtiff packages that fix several security flaws are now available
for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

An integer overflow flaw was discovered in libtiff. An attacker could
create a carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2025)

A double free flaw was discovered in libtiff. An attacker could create a
carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2026)

Several denial of service flaws were discovered in libtiff. An attacker
could create a carefully crafted TIFF file in such a way that it could
cause an application linked with libtiff to crash. (CVE-2006-2024,
CVE-2006-2120)

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
libtiff-3.5.7-25.el3.1.src.rpm
File outdated by:  RHSA-2010:0520
    MD5: 1490807b5d6fbda4ee076ea8f5680fee
 
IA-32:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-devel-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: cfaef3999623396ab3024ebe7e38335b
 
x86_64:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-3.5.7-25.el3.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 7f9c8bb211fbdb36a0d45f80b4ba3a91
libtiff-devel-3.5.7-25.el3.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 26133072ae5ea80696b2fdf5241c3d99
 
Red Hat Desktop (v. 4)

SRPMS:
libtiff-3.6.1-10.src.rpm
File outdated by:  RHSA-2011:0392
    MD5: f187e5faa4a9e9217decb8226ab1f320
 
IA-32:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-devel-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 65b8fe42255d336352887a472a5fb029
 
x86_64:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-3.6.1-10.x86_64.rpm
File outdated by:  RHSA-2011:0392
    MD5: e390b83c9f71ffedab52f7e53fe09827
libtiff-devel-3.6.1-10.x86_64.rpm
File outdated by:  RHSA-2011:0392
    MD5: 562f7e95d243e4d69cbe123eb14bf947
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
libtiff-3.5.7-30.el2.1.src.rpm
File outdated by:  RHSA-2008:0863
    MD5: 87e92d44fcc7ce77758132833ad900cb
 
IA-32:
libtiff-3.5.7-30.el2.1.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: f551309d6c28a7116a54634908d57f9d
libtiff-devel-3.5.7-30.el2.1.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: 64aa285808fcd3e1d5e52e9c9c84e712
 
IA-64:
libtiff-3.5.7-30.el2.1.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: 9274af2e436ec05555f326fc02293756
libtiff-devel-3.5.7-30.el2.1.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: 93f02f4b82ab1e9a7d1e088cefc6bf82
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
libtiff-3.5.7-25.el3.1.src.rpm
File outdated by:  RHSA-2010:0520
    MD5: 1490807b5d6fbda4ee076ea8f5680fee
 
IA-32:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-devel-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: cfaef3999623396ab3024ebe7e38335b
 
IA-64:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-3.5.7-25.el3.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: dcd1eae2ccb0544c5c63643ef51be812
libtiff-devel-3.5.7-25.el3.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 091a246db5120a322b0bf562d0b44142
 
PPC:
libtiff-3.5.7-25.el3.1.ppc.rpm
File outdated by:  RHSA-2010:0520
    MD5: 08d9bfb07060faabdc1eaf9f85557fd9
libtiff-3.5.7-25.el3.1.ppc64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 9b6467e3e2ccc62833c17c103e94b3c9
libtiff-devel-3.5.7-25.el3.1.ppc.rpm
File outdated by:  RHSA-2010:0520
    MD5: e0b1e68eb2f3cf750ac5d690705735ea
 
s390:
libtiff-3.5.7-25.el3.1.s390.rpm
File outdated by:  RHSA-2010:0520
    MD5: b0c32ff31e6d57030137ceea7d62eb6b
libtiff-devel-3.5.7-25.el3.1.s390.rpm
File outdated by:  RHSA-2010:0520
    MD5: 268f9aceccf4f4436f5b84253abbf340
 
s390x:
libtiff-3.5.7-25.el3.1.s390.rpm
File outdated by:  RHSA-2010:0520
    MD5: b0c32ff31e6d57030137ceea7d62eb6b
libtiff-3.5.7-25.el3.1.s390x.rpm
File outdated by:  RHSA-2010:0520
    MD5: 108dbc6bc9a7c923ec735c64bc52ec71
libtiff-devel-3.5.7-25.el3.1.s390x.rpm
File outdated by:  RHSA-2010:0520
    MD5: a35d361c5b96ecb2fd13d0455294d18a
 
x86_64:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-3.5.7-25.el3.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 7f9c8bb211fbdb36a0d45f80b4ba3a91
libtiff-devel-3.5.7-25.el3.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 26133072ae5ea80696b2fdf5241c3d99
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
libtiff-3.6.1-10.src.rpm
File outdated by:  RHSA-2011:0392
    MD5: f187e5faa4a9e9217decb8226ab1f320
 
IA-32:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-devel-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 65b8fe42255d336352887a472a5fb029
 
IA-64:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-3.6.1-10.ia64.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7c3512460660ced6b5c37cc824bf4f8c
libtiff-devel-3.6.1-10.ia64.rpm
File outdated by:  RHSA-2011:0392
    MD5: fe810c4f0117fff2a78dd12102e0fc5f
 
PPC:
libtiff-3.6.1-10.ppc.rpm
File outdated by:  RHSA-2011:0392
    MD5: 689acd25b3a5e061cfeba66ec7e4bb6b
libtiff-3.6.1-10.ppc64.rpm
File outdated by:  RHSA-2011:0392
    MD5: 832b748b65e89e395e67a371a4853190
libtiff-devel-3.6.1-10.ppc.rpm
File outdated by:  RHSA-2011:0392
    MD5: 11f03497cc931183e82b9ad134e6014d
 
s390:
libtiff-3.6.1-10.s390.rpm
File outdated by:  RHSA-2011:0392
    MD5: e673fb7053252c168b2b107181c466c8
libtiff-devel-3.6.1-10.s390.rpm
File outdated by:  RHSA-2011:0392
    MD5: 2df1d55c020d38bbd9c7ffbbf5673404
 
s390x:
libtiff-3.6.1-10.s390.rpm
File outdated by:  RHSA-2011:0392
    MD5: e673fb7053252c168b2b107181c466c8
libtiff-3.6.1-10.s390x.rpm
File outdated by:  RHSA-2011:0392
    MD5: 241d95f0cdb88ef26399bc7e6d5af764
libtiff-devel-3.6.1-10.s390x.rpm
File outdated by:  RHSA-2011:0392
    MD5: 03901241d37afb1c38835838076b34c1
 
x86_64:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-3.6.1-10.x86_64.rpm
File outdated by:  RHSA-2011:0392
    MD5: e390b83c9f71ffedab52f7e53fe09827
libtiff-devel-3.6.1-10.x86_64.rpm
File outdated by:  RHSA-2011:0392
    MD5: 562f7e95d243e4d69cbe123eb14bf947
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
libtiff-3.5.7-30.el2.1.src.rpm
File outdated by:  RHSA-2008:0863
    MD5: 87e92d44fcc7ce77758132833ad900cb
 
IA-32:
libtiff-3.5.7-30.el2.1.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: f551309d6c28a7116a54634908d57f9d
libtiff-devel-3.5.7-30.el2.1.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: 64aa285808fcd3e1d5e52e9c9c84e712
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
libtiff-3.5.7-25.el3.1.src.rpm
File outdated by:  RHSA-2010:0520
    MD5: 1490807b5d6fbda4ee076ea8f5680fee
 
IA-32:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-devel-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: cfaef3999623396ab3024ebe7e38335b
 
IA-64:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-3.5.7-25.el3.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: dcd1eae2ccb0544c5c63643ef51be812
libtiff-devel-3.5.7-25.el3.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 091a246db5120a322b0bf562d0b44142
 
x86_64:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-3.5.7-25.el3.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 7f9c8bb211fbdb36a0d45f80b4ba3a91
libtiff-devel-3.5.7-25.el3.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 26133072ae5ea80696b2fdf5241c3d99
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
libtiff-3.6.1-10.src.rpm
File outdated by:  RHSA-2011:0392
    MD5: f187e5faa4a9e9217decb8226ab1f320
 
IA-32:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-devel-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 65b8fe42255d336352887a472a5fb029
 
IA-64:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-3.6.1-10.ia64.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7c3512460660ced6b5c37cc824bf4f8c
libtiff-devel-3.6.1-10.ia64.rpm
File outdated by:  RHSA-2011:0392
    MD5: fe810c4f0117fff2a78dd12102e0fc5f
 
x86_64:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-3.6.1-10.x86_64.rpm
File outdated by:  RHSA-2011:0392
    MD5: e390b83c9f71ffedab52f7e53fe09827
libtiff-devel-3.6.1-10.x86_64.rpm
File outdated by:  RHSA-2011:0392
    MD5: 562f7e95d243e4d69cbe123eb14bf947
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
libtiff-3.5.7-30.el2.1.src.rpm
File outdated by:  RHSA-2008:0863
    MD5: 87e92d44fcc7ce77758132833ad900cb
 
IA-32:
libtiff-3.5.7-30.el2.1.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: f551309d6c28a7116a54634908d57f9d
libtiff-devel-3.5.7-30.el2.1.i386.rpm
File outdated by:  RHSA-2008:0863
    MD5: 64aa285808fcd3e1d5e52e9c9c84e712
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
libtiff-3.5.7-25.el3.1.src.rpm
File outdated by:  RHSA-2010:0520
    MD5: 1490807b5d6fbda4ee076ea8f5680fee
 
IA-32:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-devel-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: cfaef3999623396ab3024ebe7e38335b
 
IA-64:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-3.5.7-25.el3.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: dcd1eae2ccb0544c5c63643ef51be812
libtiff-devel-3.5.7-25.el3.1.ia64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 091a246db5120a322b0bf562d0b44142
 
x86_64:
libtiff-3.5.7-25.el3.1.i386.rpm
File outdated by:  RHSA-2010:0520
    MD5: 24db138a653e9c931fab2f6e78450c6f
libtiff-3.5.7-25.el3.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 7f9c8bb211fbdb36a0d45f80b4ba3a91
libtiff-devel-3.5.7-25.el3.1.x86_64.rpm
File outdated by:  RHSA-2010:0520
    MD5: 26133072ae5ea80696b2fdf5241c3d99
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
libtiff-3.6.1-10.src.rpm
File outdated by:  RHSA-2011:0392
    MD5: f187e5faa4a9e9217decb8226ab1f320
 
IA-32:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-devel-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 65b8fe42255d336352887a472a5fb029
 
IA-64:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-3.6.1-10.ia64.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7c3512460660ced6b5c37cc824bf4f8c
libtiff-devel-3.6.1-10.ia64.rpm
File outdated by:  RHSA-2011:0392
    MD5: fe810c4f0117fff2a78dd12102e0fc5f
 
x86_64:
libtiff-3.6.1-10.i386.rpm
File outdated by:  RHSA-2011:0392
    MD5: 7ed5bd7e2376a403e733737ca8f258ab
libtiff-3.6.1-10.x86_64.rpm
File outdated by:  RHSA-2011:0392
    MD5: e390b83c9f71ffedab52f7e53fe09827
libtiff-devel-3.6.1-10.x86_64.rpm
File outdated by:  RHSA-2011:0392
    MD5: 562f7e95d243e4d69cbe123eb14bf947
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
libtiff-3.5.7-30.el2.1.src.rpm
File outdated by:  RHSA-2008:0863
    MD5: 87e92d44fcc7ce77758132833ad900cb
 
IA-64:
libtiff-3.5.7-30.el2.1.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: 9274af2e436ec05555f326fc02293756
libtiff-devel-3.5.7-30.el2.1.ia64.rpm
File outdated by:  RHSA-2008:0863
    MD5: 93f02f4b82ab1e9a7d1e088cefc6bf82
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

189933 - CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026)
189974 - CVE-2006-2120 libtiff DoS


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/