Security Advisory Moderate: libtiff security update

Advisory: RHSA-2014:0222-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-02-27
Last updated on: 2014-02-27
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-2596
CVE-2013-1960
CVE-2013-1961
CVE-2013-4231
CVE-2013-4232
CVE-2013-4243
CVE-2013-4244

Details

Updated libtiff packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow and a use-after-free flaw were found in the
tiff2pdf tool. An attacker could use these flaws to create a specially
crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute
arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker
could use these flaws to create a specially crafted GIF file that could
cause gif2tiff to crash or, possibly, execute arbitrary code.
(CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

A flaw was found in the way libtiff handled OJPEG-encoded TIFF images. An
attacker could use this flaw to create a specially crafted TIFF file that
would cause an application using libtiff to crash. (CVE-2010-2596)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker
could use these flaws to create a specially crafted TIFF file that would
cause tiff2pdf to crash. (CVE-2013-1961)

Red Hat would like to thank Emmanuel Bouillon of NCI Agency for reporting
CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was discovered by
Murray McAllister of the Red Hat Security Response Team, and the
CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of the Red Hat
Security Response Team.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update to
take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
libtiff-3.9.4-10.el6_5.src.rpm     MD5: 7952936402ab65fad018f96dbb9361b8
SHA-256: c8089dd4f0a84329740b2b570d22f9ab52bc0b3de14c0f2bf469bcdffd42e732
 
IA-32:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-static-3.9.4-10.el6_5.i686.rpm     MD5: 4ed78613db7006c6962f8640a0d10214
SHA-256: 9ca5d687cf6384b7c7b499835f91cb5f4648a14d6dc91235bc1b22847b08bea4
 
x86_64:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-3.9.4-10.el6_5.x86_64.rpm     MD5: f907fe2bce325555d559aa3f765dbcba
SHA-256: 7dcf0302241e02aa9fd759d8efd02cf1454fd11dc0b975687c07f19850fefa95
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-debuginfo-3.9.4-10.el6_5.x86_64.rpm     MD5: 026296e8ce5f0f5e34556be3a1d7f45a
SHA-256: 0c6e60669e268478f2ebd714fbe941a239707751de650bd1620670936699f782
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-devel-3.9.4-10.el6_5.x86_64.rpm     MD5: 6be880dabeb3e0dada3513ce80fe9305
SHA-256: 18593973b52a7704743e328a43f4a211babb6367a11afaa56561e2c80a15a8b8
libtiff-static-3.9.4-10.el6_5.x86_64.rpm     MD5: a2656a4e389e477f8515853b4137ca1e
SHA-256: 8a8fea9a8f0537ef506deaa9f4b9c882e128c66eefbea6eb49bf4c523d17e30b
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
libtiff-3.9.4-10.el6_5.src.rpm     MD5: 7952936402ab65fad018f96dbb9361b8
SHA-256: c8089dd4f0a84329740b2b570d22f9ab52bc0b3de14c0f2bf469bcdffd42e732
 
x86_64:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-3.9.4-10.el6_5.x86_64.rpm     MD5: f907fe2bce325555d559aa3f765dbcba
SHA-256: 7dcf0302241e02aa9fd759d8efd02cf1454fd11dc0b975687c07f19850fefa95
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-debuginfo-3.9.4-10.el6_5.x86_64.rpm     MD5: 026296e8ce5f0f5e34556be3a1d7f45a
SHA-256: 0c6e60669e268478f2ebd714fbe941a239707751de650bd1620670936699f782
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-devel-3.9.4-10.el6_5.x86_64.rpm     MD5: 6be880dabeb3e0dada3513ce80fe9305
SHA-256: 18593973b52a7704743e328a43f4a211babb6367a11afaa56561e2c80a15a8b8
libtiff-static-3.9.4-10.el6_5.x86_64.rpm     MD5: a2656a4e389e477f8515853b4137ca1e
SHA-256: 8a8fea9a8f0537ef506deaa9f4b9c882e128c66eefbea6eb49bf4c523d17e30b
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
libtiff-3.9.4-10.el6_5.src.rpm     MD5: 7952936402ab65fad018f96dbb9361b8
SHA-256: c8089dd4f0a84329740b2b570d22f9ab52bc0b3de14c0f2bf469bcdffd42e732
 
IA-32:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-static-3.9.4-10.el6_5.i686.rpm     MD5: 4ed78613db7006c6962f8640a0d10214
SHA-256: 9ca5d687cf6384b7c7b499835f91cb5f4648a14d6dc91235bc1b22847b08bea4
 
PPC:
libtiff-3.9.4-10.el6_5.ppc.rpm     MD5: 0bdddea9b7763ab7e98ff9364ef4c5a9
SHA-256: 03a0a6f1fb08f8831c31d543a29f918c709817e0b9d85c40b6ca8e2f4a3731fe
libtiff-3.9.4-10.el6_5.ppc64.rpm     MD5: 7bcad1d429716805e41b4fa332b015e1
SHA-256: e99b100fc77af5c872d9f7b29a832b09069d35a152a956f72a73985b731ab51d
libtiff-debuginfo-3.9.4-10.el6_5.ppc.rpm     MD5: a4f37a3c4e7e0f2eb2798f9a12e74562
SHA-256: b82fe89088d2fa2ad1f94d20d894e75c8d585e9cdf3f29723e8c14cd02322a1f
libtiff-debuginfo-3.9.4-10.el6_5.ppc64.rpm     MD5: c34d1aec99f55844aed2b4c70c3f4ca9
SHA-256: 8d60c69470e9c521059827ea442069483f95c01c60ca8e8ae0f2b90a9a27dfcf
libtiff-devel-3.9.4-10.el6_5.ppc.rpm     MD5: 2ff7050c307742654edeebf09eb3f904
SHA-256: ce88bdd8b316ac33c264becd929b91edd0608b401dea1405203b4e8d8bde04cf
libtiff-devel-3.9.4-10.el6_5.ppc64.rpm     MD5: 82613aa8ddb07dedbb2b4f12be5e2325
SHA-256: 2fcdd9270de740458260e5680eb39da1b1d8c5b4c61a5b36998a148600c4ff35
libtiff-static-3.9.4-10.el6_5.ppc64.rpm     MD5: 7e665f50fb6f94736dcbaf7734784d2d
SHA-256: 6274a78cbfe0da6c255eecd414b777b98312280c91dbffaf50b04e3b0f8f9e60
 
s390x:
libtiff-3.9.4-10.el6_5.s390.rpm     MD5: 38a36e1cbee6d6995922be786357fa50
SHA-256: 876100fd56a80c12143031abd46cc633264f31db181496e84b3e5420a55cc398
libtiff-3.9.4-10.el6_5.s390x.rpm     MD5: 934f99573f557af415189b81a894a1d3
SHA-256: 4adfc80500e6b95f97855b257b4aeba62a7a2aef3022a0dfe07f1c9a59574eab
libtiff-debuginfo-3.9.4-10.el6_5.s390.rpm     MD5: 30a454ddd5c2dbfceb30d4eac969b872
SHA-256: 552b8c94087f1e06e794575e6c8e0595da55f4c09d0fda1dd8d51d10e9a94f88
libtiff-debuginfo-3.9.4-10.el6_5.s390x.rpm     MD5: 8d1c8a72b9309ceca59e87986c9c3426
SHA-256: 42a9665d84af308ec26f6c31cde4d6c5ea80e1c6b9dc412b652bf264170ff8e5
libtiff-devel-3.9.4-10.el6_5.s390.rpm     MD5: b46587d03b6ef54f9bb4527321380f0f
SHA-256: ada468e49ca27373e1e979d4635c7d01ecf031338687fb726ae14b597c38ac21
libtiff-devel-3.9.4-10.el6_5.s390x.rpm     MD5: c849d1473ac6bf5e053186ee00920e5f
SHA-256: 260c8cdf5b6e9416d13e2ca63b4f64a396c6e89d2993d4eb36e8b87a7e068502
libtiff-static-3.9.4-10.el6_5.s390x.rpm     MD5: ab17f23d8f9730d4f38986261f5a799c
SHA-256: 18d23025210f3dc30098e024ee7d54de71588e5d7d6c7cfee62795ac46201916
 
x86_64:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-3.9.4-10.el6_5.x86_64.rpm     MD5: f907fe2bce325555d559aa3f765dbcba
SHA-256: 7dcf0302241e02aa9fd759d8efd02cf1454fd11dc0b975687c07f19850fefa95
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-debuginfo-3.9.4-10.el6_5.x86_64.rpm     MD5: 026296e8ce5f0f5e34556be3a1d7f45a
SHA-256: 0c6e60669e268478f2ebd714fbe941a239707751de650bd1620670936699f782
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-devel-3.9.4-10.el6_5.x86_64.rpm     MD5: 6be880dabeb3e0dada3513ce80fe9305
SHA-256: 18593973b52a7704743e328a43f4a211babb6367a11afaa56561e2c80a15a8b8
libtiff-static-3.9.4-10.el6_5.x86_64.rpm     MD5: a2656a4e389e477f8515853b4137ca1e
SHA-256: 8a8fea9a8f0537ef506deaa9f4b9c882e128c66eefbea6eb49bf4c523d17e30b
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
libtiff-3.9.4-10.el6_5.src.rpm     MD5: 7952936402ab65fad018f96dbb9361b8
SHA-256: c8089dd4f0a84329740b2b570d22f9ab52bc0b3de14c0f2bf469bcdffd42e732
 
x86_64:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-3.9.4-10.el6_5.x86_64.rpm     MD5: f907fe2bce325555d559aa3f765dbcba
SHA-256: 7dcf0302241e02aa9fd759d8efd02cf1454fd11dc0b975687c07f19850fefa95
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-debuginfo-3.9.4-10.el6_5.x86_64.rpm     MD5: 026296e8ce5f0f5e34556be3a1d7f45a
SHA-256: 0c6e60669e268478f2ebd714fbe941a239707751de650bd1620670936699f782
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-devel-3.9.4-10.el6_5.x86_64.rpm     MD5: 6be880dabeb3e0dada3513ce80fe9305
SHA-256: 18593973b52a7704743e328a43f4a211babb6367a11afaa56561e2c80a15a8b8
libtiff-static-3.9.4-10.el6_5.x86_64.rpm     MD5: a2656a4e389e477f8515853b4137ca1e
SHA-256: 8a8fea9a8f0537ef506deaa9f4b9c882e128c66eefbea6eb49bf4c523d17e30b
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
libtiff-3.9.4-10.el6_5.src.rpm     MD5: 7952936402ab65fad018f96dbb9361b8
SHA-256: c8089dd4f0a84329740b2b570d22f9ab52bc0b3de14c0f2bf469bcdffd42e732
 
IA-32:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-static-3.9.4-10.el6_5.i686.rpm     MD5: 4ed78613db7006c6962f8640a0d10214
SHA-256: 9ca5d687cf6384b7c7b499835f91cb5f4648a14d6dc91235bc1b22847b08bea4
 
PPC:
libtiff-3.9.4-10.el6_5.ppc.rpm     MD5: 0bdddea9b7763ab7e98ff9364ef4c5a9
SHA-256: 03a0a6f1fb08f8831c31d543a29f918c709817e0b9d85c40b6ca8e2f4a3731fe
libtiff-3.9.4-10.el6_5.ppc64.rpm     MD5: 7bcad1d429716805e41b4fa332b015e1
SHA-256: e99b100fc77af5c872d9f7b29a832b09069d35a152a956f72a73985b731ab51d
libtiff-debuginfo-3.9.4-10.el6_5.ppc.rpm     MD5: a4f37a3c4e7e0f2eb2798f9a12e74562
SHA-256: b82fe89088d2fa2ad1f94d20d894e75c8d585e9cdf3f29723e8c14cd02322a1f
libtiff-debuginfo-3.9.4-10.el6_5.ppc64.rpm     MD5: c34d1aec99f55844aed2b4c70c3f4ca9
SHA-256: 8d60c69470e9c521059827ea442069483f95c01c60ca8e8ae0f2b90a9a27dfcf
libtiff-devel-3.9.4-10.el6_5.ppc.rpm     MD5: 2ff7050c307742654edeebf09eb3f904
SHA-256: ce88bdd8b316ac33c264becd929b91edd0608b401dea1405203b4e8d8bde04cf
libtiff-devel-3.9.4-10.el6_5.ppc64.rpm     MD5: 82613aa8ddb07dedbb2b4f12be5e2325
SHA-256: 2fcdd9270de740458260e5680eb39da1b1d8c5b4c61a5b36998a148600c4ff35
libtiff-static-3.9.4-10.el6_5.ppc64.rpm     MD5: 7e665f50fb6f94736dcbaf7734784d2d
SHA-256: 6274a78cbfe0da6c255eecd414b777b98312280c91dbffaf50b04e3b0f8f9e60
 
s390x:
libtiff-3.9.4-10.el6_5.s390.rpm     MD5: 38a36e1cbee6d6995922be786357fa50
SHA-256: 876100fd56a80c12143031abd46cc633264f31db181496e84b3e5420a55cc398
libtiff-3.9.4-10.el6_5.s390x.rpm     MD5: 934f99573f557af415189b81a894a1d3
SHA-256: 4adfc80500e6b95f97855b257b4aeba62a7a2aef3022a0dfe07f1c9a59574eab
libtiff-debuginfo-3.9.4-10.el6_5.s390.rpm     MD5: 30a454ddd5c2dbfceb30d4eac969b872
SHA-256: 552b8c94087f1e06e794575e6c8e0595da55f4c09d0fda1dd8d51d10e9a94f88
libtiff-debuginfo-3.9.4-10.el6_5.s390x.rpm     MD5: 8d1c8a72b9309ceca59e87986c9c3426
SHA-256: 42a9665d84af308ec26f6c31cde4d6c5ea80e1c6b9dc412b652bf264170ff8e5
libtiff-devel-3.9.4-10.el6_5.s390.rpm     MD5: b46587d03b6ef54f9bb4527321380f0f
SHA-256: ada468e49ca27373e1e979d4635c7d01ecf031338687fb726ae14b597c38ac21
libtiff-devel-3.9.4-10.el6_5.s390x.rpm     MD5: c849d1473ac6bf5e053186ee00920e5f
SHA-256: 260c8cdf5b6e9416d13e2ca63b4f64a396c6e89d2993d4eb36e8b87a7e068502
libtiff-static-3.9.4-10.el6_5.s390x.rpm     MD5: ab17f23d8f9730d4f38986261f5a799c
SHA-256: 18d23025210f3dc30098e024ee7d54de71588e5d7d6c7cfee62795ac46201916
 
x86_64:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-3.9.4-10.el6_5.x86_64.rpm     MD5: f907fe2bce325555d559aa3f765dbcba
SHA-256: 7dcf0302241e02aa9fd759d8efd02cf1454fd11dc0b975687c07f19850fefa95
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-debuginfo-3.9.4-10.el6_5.x86_64.rpm     MD5: 026296e8ce5f0f5e34556be3a1d7f45a
SHA-256: 0c6e60669e268478f2ebd714fbe941a239707751de650bd1620670936699f782
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-devel-3.9.4-10.el6_5.x86_64.rpm     MD5: 6be880dabeb3e0dada3513ce80fe9305
SHA-256: 18593973b52a7704743e328a43f4a211babb6367a11afaa56561e2c80a15a8b8
libtiff-static-3.9.4-10.el6_5.x86_64.rpm     MD5: a2656a4e389e477f8515853b4137ca1e
SHA-256: 8a8fea9a8f0537ef506deaa9f4b9c882e128c66eefbea6eb49bf4c523d17e30b
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
libtiff-3.9.4-10.el6_5.src.rpm     MD5: 7952936402ab65fad018f96dbb9361b8
SHA-256: c8089dd4f0a84329740b2b570d22f9ab52bc0b3de14c0f2bf469bcdffd42e732
 
IA-32:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-static-3.9.4-10.el6_5.i686.rpm     MD5: 4ed78613db7006c6962f8640a0d10214
SHA-256: 9ca5d687cf6384b7c7b499835f91cb5f4648a14d6dc91235bc1b22847b08bea4
 
x86_64:
libtiff-3.9.4-10.el6_5.i686.rpm     MD5: 6c7a0d480e9b80c7fa6bb89fb380851d
SHA-256: 24f3d3cc5a3a81dee91b94b20b362b0fb2da466ceb2dd2e2f3b7743b0e3545ff
libtiff-3.9.4-10.el6_5.x86_64.rpm     MD5: f907fe2bce325555d559aa3f765dbcba
SHA-256: 7dcf0302241e02aa9fd759d8efd02cf1454fd11dc0b975687c07f19850fefa95
libtiff-debuginfo-3.9.4-10.el6_5.i686.rpm     MD5: f143f3f36778796715ab44d07a035a4a
SHA-256: 90659c946070e29179f5cd116dbb7a5fa072de3828cc3c2c40aa5e7d76366909
libtiff-debuginfo-3.9.4-10.el6_5.x86_64.rpm     MD5: 026296e8ce5f0f5e34556be3a1d7f45a
SHA-256: 0c6e60669e268478f2ebd714fbe941a239707751de650bd1620670936699f782
libtiff-devel-3.9.4-10.el6_5.i686.rpm     MD5: 014e4f3157a1e5f832b2eda10c805133
SHA-256: fda4e0492936b8c0b33364742b2dfd72856369e6f467849021e19b016350ea30
libtiff-devel-3.9.4-10.el6_5.x86_64.rpm     MD5: 6be880dabeb3e0dada3513ce80fe9305
SHA-256: 18593973b52a7704743e328a43f4a211babb6367a11afaa56561e2c80a15a8b8
libtiff-static-3.9.4-10.el6_5.x86_64.rpm     MD5: a2656a4e389e477f8515853b4137ca1e
SHA-256: 8a8fea9a8f0537ef506deaa9f4b9c882e128c66eefbea6eb49bf4c523d17e30b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

610759 - CVE-2010-2596 libtiff: assertion failure on downsampled OJPEG file
952131 - CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
952158 - CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()
995965 - CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check
995975 - CVE-2013-4232 libtiff (tiff2pdf): use-after-free in t2p_readwrite_pdf_image()
996052 - CVE-2013-4243 libtiff (gif2tiff): possible heap-based buffer overflow in readgifimage()
996468 - CVE-2013-4244 libtiff (gif2tiff): OOB Write in LZW decompressor


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/