- 发布:
- 2006-05-09
- 已更新:
- 2006-05-09
RHSA-2006:0425 - Security Advisory
概述
libtiff security update
类型/严重性
Security Advisory: Important
Red Hat Lightspeed patch analysis
识别并修复受此公告影响的系统。
标题
Updated libtiff packages that fix several security flaws are now available
for Red Hat Enterprise Linux.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
描述
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.
An integer overflow flaw was discovered in libtiff. An attacker could
create a carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2025)
A double free flaw was discovered in libtiff. An attacker could create a
carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2026)
Several denial of service flaws were discovered in libtiff. An attacker
could create a carefully crafted TIFF file in such a way that it could
cause an application linked with libtiff to crash. (CVE-2006-2024,
CVE-2006-2120)
All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.
解决方案
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
受影响的产品
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
- Red Hat Enterprise Linux for Power, big endian 3 ppc
修复
- BZ - 189933 - CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026)
- BZ - 189974 - CVE-2006-2120 libtiff DoS
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| x86_64 | |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-3.6.1-10.x86_64.rpm | SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b |
| libtiff-3.6.1-10.x86_64.rpm | SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b |
| libtiff-devel-3.6.1-10.x86_64.rpm | SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c |
| libtiff-devel-3.6.1-10.x86_64.rpm | SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c |
| ia64 | |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-3.6.1-10.ia64.rpm | SHA-256: 9d674480d1bd76b66a452d25abc219bd91795e5dc46ede6ea1ad136770d2ef28 |
| libtiff-3.6.1-10.ia64.rpm | SHA-256: 9d674480d1bd76b66a452d25abc219bd91795e5dc46ede6ea1ad136770d2ef28 |
| libtiff-devel-3.6.1-10.ia64.rpm | SHA-256: 8786eecb1a9ebf6acfe103e20ebd11e7256e501d463107e9acd7d2a68858caaa |
| libtiff-devel-3.6.1-10.ia64.rpm | SHA-256: 8786eecb1a9ebf6acfe103e20ebd11e7256e501d463107e9acd7d2a68858caaa |
| i386 | |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-devel-3.6.1-10.i386.rpm | SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f |
| libtiff-devel-3.6.1-10.i386.rpm | SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f |
Red Hat Enterprise Linux Server 3
| SRPM | |
|---|---|
| x86_64 | |
| ia64 | |
| i386 |
Red Hat Enterprise Linux Server 2
| SRPM | |
|---|---|
| ia64 | |
| i386 |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| x86_64 | |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-3.6.1-10.x86_64.rpm | SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b |
| libtiff-devel-3.6.1-10.x86_64.rpm | SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c |
| ia64 | |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-3.6.1-10.ia64.rpm | SHA-256: 9d674480d1bd76b66a452d25abc219bd91795e5dc46ede6ea1ad136770d2ef28 |
| libtiff-devel-3.6.1-10.ia64.rpm | SHA-256: 8786eecb1a9ebf6acfe103e20ebd11e7256e501d463107e9acd7d2a68858caaa |
| i386 | |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-devel-3.6.1-10.i386.rpm | SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f |
Red Hat Enterprise Linux Workstation 3
| SRPM | |
|---|---|
| x86_64 | |
| ia64 | |
| i386 |
Red Hat Enterprise Linux Workstation 2
| SRPM | |
|---|---|
| ia64 | |
| i386 |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| x86_64 | |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-3.6.1-10.x86_64.rpm | SHA-256: 76e4d89c875e8894691b05b66e4854e7d7d371a086a08af29270961ae2a92c4b |
| libtiff-devel-3.6.1-10.x86_64.rpm | SHA-256: c39b4c92d0b7bc38c636d6c747d2739edcd801c479ca79d3af7c2357599cd06c |
| i386 | |
| libtiff-3.6.1-10.i386.rpm | SHA-256: 480a361154deaf39d20de5cea80dc18b13522299ca408f7b96ca4a7186fd2a2b |
| libtiff-devel-3.6.1-10.i386.rpm | SHA-256: 7ea1ecf53ac17750dc6fd38699b298c96c2b6245879f37769bdd20cd5029633f |
Red Hat Enterprise Linux Desktop 3
| SRPM | |
|---|---|
| x86_64 | |
| i386 |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| s390x | |
| libtiff-3.6.1-10.s390.rpm | SHA-256: 7b1ebac0c8e9f541ebd5d7798f9c280e27b77c7847e47bde1909d86207704e6a |
| libtiff-3.6.1-10.s390x.rpm | SHA-256: 9e6da00724531a6132177f5407067b050531ab5dc1ef93ebf31040a13d40f12a |
| libtiff-devel-3.6.1-10.s390x.rpm | SHA-256: bd8da7a9bc04c6a610e3da1d8a8b19ebf563b80e1eb9d391944bd1ba93639097 |
| s390 | |
| libtiff-3.6.1-10.s390.rpm | SHA-256: 7b1ebac0c8e9f541ebd5d7798f9c280e27b77c7847e47bde1909d86207704e6a |
| libtiff-devel-3.6.1-10.s390.rpm | SHA-256: 961d92daaa7a6ae39b9077721c05abfeb2ae6a59b2f669bbd90d5ee247662b05 |
Red Hat Enterprise Linux for IBM z Systems 3
| SRPM | |
|---|---|
| s390x | |
| s390 |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| ppc | |
| libtiff-3.6.1-10.ppc.rpm | SHA-256: b10fecfe182d56af5995d3cd238989bbf56d1ae6c967f5dab32488e35393b9b1 |
| libtiff-3.6.1-10.ppc64.rpm | SHA-256: 9ce65d02ed8dc688cfd0ff247864a123400bf37c3fd3cd0faa73a9207128221b |
| libtiff-devel-3.6.1-10.ppc.rpm | SHA-256: 43aefa028f8b4a35292de0c57e185da7154e44e19ed7595e8a38bf5a0cf6c39b |
Red Hat Enterprise Linux for Power, big endian 3
| SRPM | |
|---|---|
| ppc |
Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
