Issued:
2006-05-09
Updated:
2006-05-09

RHSA-2006:0425 - Security Advisory

Synopsis

libtiff security update

Type/Severity

Security Advisory: Important

Topic

Updated libtiff packages that fix several security flaws are now available
for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

An integer overflow flaw was discovered in libtiff. An attacker could
create a carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2025)

A double free flaw was discovered in libtiff. An attacker could create a
carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2026)

Several denial of service flaws were discovered in libtiff. An attacker
could create a carefully crafted TIFF file in such a way that it could
cause an application linked with libtiff to crash. (CVE-2006-2024,
CVE-2006-2120)

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 189933 - CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026)
  • BZ - 189974 - CVE-2006-2120 libtiff DoS

CVEs

References

Red Hat Enterprise Linux Server 4

SRPM
x86_64
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.x86_64.rpm SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b
libtiff-3.6.1-10.x86_64.rpm SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b
libtiff-devel-3.6.1-10.x86_64.rpm SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c
libtiff-devel-3.6.1-10.x86_64.rpm SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c
ia64
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.ia64.rpm SHA-256: 9d674480d1bd76b66a452d25abc219bd91795e5dc46ede6ea1ad136770d2ef28
libtiff-3.6.1-10.ia64.rpm SHA-256: 9d674480d1bd76b66a452d25abc219bd91795e5dc46ede6ea1ad136770d2ef28
libtiff-devel-3.6.1-10.ia64.rpm SHA-256: 8786eecb1a9ebf6acfe103e20ebd11e7256e501d463107e9acd7d2a68858caaa
libtiff-devel-3.6.1-10.ia64.rpm SHA-256: 8786eecb1a9ebf6acfe103e20ebd11e7256e501d463107e9acd7d2a68858caaa
i386
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-devel-3.6.1-10.i386.rpm SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f
libtiff-devel-3.6.1-10.i386.rpm SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.x86_64.rpm SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b
libtiff-devel-3.6.1-10.x86_64.rpm SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c
ia64
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.ia64.rpm SHA-256: 9d674480d1bd76b66a452d25abc219bd91795e5dc46ede6ea1ad136770d2ef28
libtiff-devel-3.6.1-10.ia64.rpm SHA-256: 8786eecb1a9ebf6acfe103e20ebd11e7256e501d463107e9acd7d2a68858caaa
i386
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-devel-3.6.1-10.i386.rpm SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.x86_64.rpm SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b
libtiff-devel-3.6.1-10.x86_64.rpm SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c
i386
libtiff-3.6.1-10.i386.rpm SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-devel-3.6.1-10.i386.rpm SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
libtiff-3.6.1-10.s390.rpm SHA-256: 7b1ebac0c8e9f541ebd5d7798f9c280e27b77c7847e47bde1909d86207704e6a
libtiff-3.6.1-10.s390x.rpm SHA-256: 9e6da00724531a6132177f5407067b050531ab5dc1ef93ebf31040a13d40f12a
libtiff-devel-3.6.1-10.s390x.rpm SHA-256: bd8da7a9bc04c6a610e3da1d8a8b19ebf563b80e1eb9d391944bd1ba93639097
s390
libtiff-3.6.1-10.s390.rpm SHA-256: 7b1ebac0c8e9f541ebd5d7798f9c280e27b77c7847e47bde1909d86207704e6a
libtiff-devel-3.6.1-10.s390.rpm SHA-256: 961d92daaa7a6ae39b9077721c05abfeb2ae6a59b2f669bbd90d5ee247662b05

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
libtiff-3.6.1-10.ppc.rpm SHA-256: b10fecfe182d56af5995d3cd238989bbf56d1ae6c967f5dab32488e35393b9b1
libtiff-3.6.1-10.ppc64.rpm SHA-256: 9ce65d02ed8dc688cfd0ff247864a123400bf37c3fd3cd0faa73a9207128221b
libtiff-devel-3.6.1-10.ppc.rpm SHA-256: 43aefa028f8b4a35292de0c57e185da7154e44e19ed7595e8a38bf5a0cf6c39b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.