Security Advisory Moderate: libtiff security update

Advisory: RHSA-2014:0223-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-02-27
Last updated on: 2014-02-27
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2013-1960
CVE-2013-1961
CVE-2013-4231
CVE-2013-4232
CVE-2013-4243
CVE-2013-4244

Details

Updated libtiff packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow and a use-after-free flaw were found in the
tiff2pdf tool. An attacker could use these flaws to create a specially
crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute
arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker
could use these flaws to create a specially crafted GIF file that could
cause gif2tiff to crash or, possibly, execute arbitrary code.
(CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker
could use these flaws to create a specially crafted TIFF file that would
cause tiff2pdf to crash. (CVE-2013-1961)

Red Hat would like to thank Emmanuel Bouillon of NCI Agency for reporting
CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was discovered by
Murray McAllister of the Red Hat Security Response Team, and the
CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of the Red Hat
Security Response Team.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update to
take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
libtiff-3.8.2-19.el5_10.src.rpm     MD5: e6b956163f48d678d5308a301f3d9c2e
SHA-256: 2bdaa87184cc2b113edd3cfebfe82ff55f7582a899c394c266edbe3f932ffdd4
 
IA-32:
libtiff-debuginfo-3.8.2-19.el5_10.i386.rpm     MD5: 9e9a211398875f0cedd9f5c6e3e646e7
SHA-256: 7612830c980b14439be6bdffc0eb8ce0a26c584a4ea27b8b073c7491d6953aa5
libtiff-devel-3.8.2-19.el5_10.i386.rpm     MD5: eda02bc852932339317c27f064812325
SHA-256: 09574889832c53f529b91669c3500c9f04e33f54fff8f8bb0fe487d9bc4d5181
 
x86_64:
libtiff-debuginfo-3.8.2-19.el5_10.i386.rpm     MD5: 9e9a211398875f0cedd9f5c6e3e646e7
SHA-256: 7612830c980b14439be6bdffc0eb8ce0a26c584a4ea27b8b073c7491d6953aa5
libtiff-debuginfo-3.8.2-19.el5_10.x86_64.rpm     MD5: a8724ab0486d3b419adac587210c3107
SHA-256: 839ecfb3097dab5c320c21a8e213dbb1ef5b872c7b26d62d598bed63f3680ede
libtiff-devel-3.8.2-19.el5_10.i386.rpm     MD5: eda02bc852932339317c27f064812325
SHA-256: 09574889832c53f529b91669c3500c9f04e33f54fff8f8bb0fe487d9bc4d5181
libtiff-devel-3.8.2-19.el5_10.x86_64.rpm     MD5: 3f075a00877139aa2d5fb938c47ae067
SHA-256: 944c6145636c4c3d29f5858318ce589acf7cfe9de4c926d569dababe16fd5427
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
libtiff-3.8.2-19.el5_10.src.rpm     MD5: e6b956163f48d678d5308a301f3d9c2e
SHA-256: 2bdaa87184cc2b113edd3cfebfe82ff55f7582a899c394c266edbe3f932ffdd4
 
IA-32:
libtiff-3.8.2-19.el5_10.i386.rpm     MD5: faeb163184617e6ad8e1a63e10e3fe07
SHA-256: b38dd64ef1efaf97d798926dedf1c51f675ab505a15b8c779395a633fb3542a7
libtiff-debuginfo-3.8.2-19.el5_10.i386.rpm     MD5: 9e9a211398875f0cedd9f5c6e3e646e7
SHA-256: 7612830c980b14439be6bdffc0eb8ce0a26c584a4ea27b8b073c7491d6953aa5
libtiff-devel-3.8.2-19.el5_10.i386.rpm     MD5: eda02bc852932339317c27f064812325
SHA-256: 09574889832c53f529b91669c3500c9f04e33f54fff8f8bb0fe487d9bc4d5181
 
IA-64:
libtiff-3.8.2-19.el5_10.i386.rpm     MD5: faeb163184617e6ad8e1a63e10e3fe07
SHA-256: b38dd64ef1efaf97d798926dedf1c51f675ab505a15b8c779395a633fb3542a7
libtiff-3.8.2-19.el5_10.ia64.rpm     MD5: fec8ecc5d47aa3810e7723f6c2e3c6fb
SHA-256: bea0865b1d105f1f1613a8d224234a6b6b70a7f1468185ab92a5c0f143e376ec
libtiff-debuginfo-3.8.2-19.el5_10.i386.rpm     MD5: 9e9a211398875f0cedd9f5c6e3e646e7
SHA-256: 7612830c980b14439be6bdffc0eb8ce0a26c584a4ea27b8b073c7491d6953aa5
libtiff-debuginfo-3.8.2-19.el5_10.ia64.rpm     MD5: 7e0a2a39efbb38fac858193f7cb14311
SHA-256: 8b6208a55e82c7d84a31e965563ef97b65fc3cc8114dbb26f61c43a8efaf71c9
libtiff-devel-3.8.2-19.el5_10.ia64.rpm     MD5: 798940b9ed1446ad9c1a52c2da2b3665
SHA-256: 90e793cc9bda84c5dd9eda9bb91a141e1bd39a348bc9601770d50fb83902f2b7
 
PPC:
libtiff-3.8.2-19.el5_10.ppc.rpm     MD5: cb0729e666ebc4462e858585e6a8ecd4
SHA-256: 9d5b0fdd807e0f72d7357dc068f996b65b9cca1a9651f08fa2de49fc6df89710
libtiff-3.8.2-19.el5_10.ppc64.rpm     MD5: 95e72306dd9e422968c2e9fcf6013d1a
SHA-256: 31722a17774004f814fb7ee7423575e35afd56660b49e083a8c54db606d6a726
libtiff-debuginfo-3.8.2-19.el5_10.ppc.rpm     MD5: 4ae806b1e6aecc79ebb3064b98793c2e
SHA-256: b7aa689b588d62f9aad8bc7580ad9b5ff7e4c39eddee741b8a25e81949259b40
libtiff-debuginfo-3.8.2-19.el5_10.ppc64.rpm     MD5: d4e4163faf566d1f20cbe3a054615fb3
SHA-256: aa425c500b08d935b4aa2e24fd4b61e0e944467a3603ace898dd8b78b5709b7c
libtiff-devel-3.8.2-19.el5_10.ppc.rpm     MD5: 2241371d8cfc081958341176b396c31e
SHA-256: 310de56559f04fed8b91af523a983fd5e72967ace042f5a7128172c4afbe57c4
libtiff-devel-3.8.2-19.el5_10.ppc64.rpm     MD5: 997a5cdf4ad6bb072376124ea5894e7a
SHA-256: 2e8e2d88cc254a741109b1baad9f68ff1a86610fa602573f3c11c015ecf58bb7
 
s390x:
libtiff-3.8.2-19.el5_10.s390.rpm     MD5: 23acf21e08823dbcb16fc1193e782711
SHA-256: f77aa718b1797fd11bacfa421f62b507dc8ca6b25d11fa903d84a48001311908
libtiff-3.8.2-19.el5_10.s390x.rpm     MD5: b4f1a2a17b12b47e3b5d16fba525ef73
SHA-256: a3ac0314accb9f402e1fb680a0529253884b1b505b671461df5aff662f1c980f
libtiff-debuginfo-3.8.2-19.el5_10.s390.rpm     MD5: 2e51a8be39e1e0f02b06d32019fde3bd
SHA-256: 0c0533c4d7593ca9715940b19779c8bdd9bf261c443e927ab3f042f7a75f48b5
libtiff-debuginfo-3.8.2-19.el5_10.s390x.rpm     MD5: 107300f1f3cfb82aa56a4cfecad4d0cf
SHA-256: 9dc5de6b7599b3a5f2e457d19a48a31f59806993d9e55a355c80598f714a4d3c
libtiff-devel-3.8.2-19.el5_10.s390.rpm     MD5: 9952d8e856b903937b611f83dee9cc08
SHA-256: 9508c22fd13f1945b36db2e80d5d05be8eaeab7ee23e476dcb85a45366342be2
libtiff-devel-3.8.2-19.el5_10.s390x.rpm     MD5: 3bc31d24635d7b6358d1b9dc23871feb
SHA-256: 094cba1340d61cd1c4a9954ce09ca894b58c48396071587641eae85550d8b031
 
x86_64:
libtiff-3.8.2-19.el5_10.i386.rpm     MD5: faeb163184617e6ad8e1a63e10e3fe07
SHA-256: b38dd64ef1efaf97d798926dedf1c51f675ab505a15b8c779395a633fb3542a7
libtiff-3.8.2-19.el5_10.x86_64.rpm     MD5: 8530635db05adeb5dbc5a4aba1ca6e3d
SHA-256: 4ae3edb471ccce8a87e0e9264c8a2cccbb8c9732aef451d6c81c0d6e6acf8d65
libtiff-debuginfo-3.8.2-19.el5_10.i386.rpm     MD5: 9e9a211398875f0cedd9f5c6e3e646e7
SHA-256: 7612830c980b14439be6bdffc0eb8ce0a26c584a4ea27b8b073c7491d6953aa5
libtiff-debuginfo-3.8.2-19.el5_10.x86_64.rpm     MD5: a8724ab0486d3b419adac587210c3107
SHA-256: 839ecfb3097dab5c320c21a8e213dbb1ef5b872c7b26d62d598bed63f3680ede
libtiff-devel-3.8.2-19.el5_10.i386.rpm     MD5: eda02bc852932339317c27f064812325
SHA-256: 09574889832c53f529b91669c3500c9f04e33f54fff8f8bb0fe487d9bc4d5181
libtiff-devel-3.8.2-19.el5_10.x86_64.rpm     MD5: 3f075a00877139aa2d5fb938c47ae067
SHA-256: 944c6145636c4c3d29f5858318ce589acf7cfe9de4c926d569dababe16fd5427
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
libtiff-3.8.2-19.el5_10.src.rpm     MD5: e6b956163f48d678d5308a301f3d9c2e
SHA-256: 2bdaa87184cc2b113edd3cfebfe82ff55f7582a899c394c266edbe3f932ffdd4
 
IA-32:
libtiff-3.8.2-19.el5_10.i386.rpm     MD5: faeb163184617e6ad8e1a63e10e3fe07
SHA-256: b38dd64ef1efaf97d798926dedf1c51f675ab505a15b8c779395a633fb3542a7
libtiff-debuginfo-3.8.2-19.el5_10.i386.rpm     MD5: 9e9a211398875f0cedd9f5c6e3e646e7
SHA-256: 7612830c980b14439be6bdffc0eb8ce0a26c584a4ea27b8b073c7491d6953aa5
 
x86_64:
libtiff-3.8.2-19.el5_10.i386.rpm     MD5: faeb163184617e6ad8e1a63e10e3fe07
SHA-256: b38dd64ef1efaf97d798926dedf1c51f675ab505a15b8c779395a633fb3542a7
libtiff-3.8.2-19.el5_10.x86_64.rpm     MD5: 8530635db05adeb5dbc5a4aba1ca6e3d
SHA-256: 4ae3edb471ccce8a87e0e9264c8a2cccbb8c9732aef451d6c81c0d6e6acf8d65
libtiff-debuginfo-3.8.2-19.el5_10.i386.rpm     MD5: 9e9a211398875f0cedd9f5c6e3e646e7
SHA-256: 7612830c980b14439be6bdffc0eb8ce0a26c584a4ea27b8b073c7491d6953aa5
libtiff-debuginfo-3.8.2-19.el5_10.x86_64.rpm     MD5: a8724ab0486d3b419adac587210c3107
SHA-256: 839ecfb3097dab5c320c21a8e213dbb1ef5b872c7b26d62d598bed63f3680ede
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

952131 - CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
952158 - CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()
995965 - CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check
995975 - CVE-2013-4232 libtiff (tiff2pdf): use-after-free in t2p_readwrite_pdf_image()
996052 - CVE-2013-4243 libtiff (gif2tiff): possible heap-based buffer overflow in readgifimage()
996468 - CVE-2013-4244 libtiff (gif2tiff): OOB Write in LZW decompressor


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/