Issued:: 2006-05-09
Updated:: 2006-05-09

RHSA-2006:0425 - Security Advisory

Overview
Updated Packages

Synopsis

libtiff security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated libtiff packages that fix several security flaws are now available
for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

An integer overflow flaw was discovered in libtiff. An attacker could
create a carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2025)

A double free flaw was discovered in libtiff. An attacker could create a
carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2026)

Several denial of service flaws were discovered in libtiff. An attacker
could create a carefully crafted TIFF file in such a way that it could
cause an application linked with libtiff to crash. (CVE-2006-2024,
CVE-2006-2120)

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 189933 - CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026)
BZ - 189974 - CVE-2006-2120 libtiff DoS

CVEs

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.x86_64.rpm	SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b
libtiff-3.6.1-10.x86_64.rpm	SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b
libtiff-devel-3.6.1-10.x86_64.rpm	SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c
libtiff-devel-3.6.1-10.x86_64.rpm	SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c
ia64
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.ia64.rpm	SHA-256: 9d674480d1bd76b66a452d25abc219bd91795e5dc46ede6ea1ad136770d2ef28
libtiff-3.6.1-10.ia64.rpm	SHA-256: 9d674480d1bd76b66a452d25abc219bd91795e5dc46ede6ea1ad136770d2ef28
libtiff-devel-3.6.1-10.ia64.rpm	SHA-256: 8786eecb1a9ebf6acfe103e20ebd11e7256e501d463107e9acd7d2a68858caaa
libtiff-devel-3.6.1-10.ia64.rpm	SHA-256: 8786eecb1a9ebf6acfe103e20ebd11e7256e501d463107e9acd7d2a68858caaa
i386
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-devel-3.6.1-10.i386.rpm	SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f
libtiff-devel-3.6.1-10.i386.rpm	SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.x86_64.rpm	SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b
libtiff-devel-3.6.1-10.x86_64.rpm	SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c
ia64
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.ia64.rpm	SHA-256: 9d674480d1bd76b66a452d25abc219bd91795e5dc46ede6ea1ad136770d2ef28
libtiff-devel-3.6.1-10.ia64.rpm	SHA-256: 8786eecb1a9ebf6acfe103e20ebd11e7256e501d463107e9acd7d2a68858caaa
i386
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-devel-3.6.1-10.i386.rpm	SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-3.6.1-10.x86_64.rpm	SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b
libtiff-devel-3.6.1-10.x86_64.rpm	SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c
i386
libtiff-3.6.1-10.i386.rpm	SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b
libtiff-devel-3.6.1-10.i386.rpm	SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
libtiff-3.6.1-10.s390.rpm	SHA-256: 7b1ebac0c8e9f541ebd5d7798f9c280e27b77c7847e47bde1909d86207704e6a
libtiff-3.6.1-10.s390x.rpm	SHA-256: 9e6da00724531a6132177f5407067b050531ab5dc1ef93ebf31040a13d40f12a
libtiff-devel-3.6.1-10.s390x.rpm	SHA-256: bd8da7a9bc04c6a610e3da1d8a8b19ebf563b80e1eb9d391944bd1ba93639097
s390
libtiff-3.6.1-10.s390.rpm	SHA-256: 7b1ebac0c8e9f541ebd5d7798f9c280e27b77c7847e47bde1909d86207704e6a
libtiff-devel-3.6.1-10.s390.rpm	SHA-256: 961d92daaa7a6ae39b9077721c05abfeb2ae6a59b2f669bbd90d5ee247662b05

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
libtiff-3.6.1-10.ppc.rpm	SHA-256: b10fecfe182d56af5995d3cd238989bbf56d1ae6c967f5dab32488e35393b9b1
libtiff-3.6.1-10.ppc64.rpm	SHA-256: 9ce65d02ed8dc688cfd0ff247864a123400bf37c3fd3cd0faa73a9207128221b
libtiff-devel-3.6.1-10.ppc.rpm	SHA-256: 43aefa028f8b4a35292de0c57e185da7154e44e19ed7595e8a38bf5a0cf6c39b

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation