Issued:
2011-04-18
Updated:
2011-04-18

RHSA-2011:0452 - Security Advisory

Synopsis

Important: libtiff security update

Type/Severity

Security Advisory: Important

Topic

Updated libtiff packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF image files that were compressed with the JPEG compression
algorithm. An attacker could use this flaw to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. (CVE-2009-5022)

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications linked
against libtiff must be restarted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

  • BZ - 695885 - CVE-2009-5022 libtiff ojpeg buffer overflow

CVEs

References

Red Hat Enterprise Linux Server 6

SRPM
libtiff-3.9.4-1.el6_0.3.src.rpm SHA-256: 6d55910246564baf0340fb23904bd2d1efa5eeb76953ebffa21eda3ea092c6f1
x86_64
libtiff-3.9.4-1.el6_0.3.i686.rpm SHA-256: 32c069f9efb32c81c7c829cebfd0ed27677f8d3bb95542249a77c66a8a7b8150
libtiff-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: d60cc5770a6d4b74f293dfc9464eb1dcf2974be8d9b33c99433840269e3f6921
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-devel-3.9.4-1.el6_0.3.i686.rpm SHA-256: 2c49920a070a619bf375d8e3ac8df8852afa0f5639b40406a5934288f3f8e16c
libtiff-devel-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: fa3bb5930b7f2183475e34c62ae09acf33f2e023a8fa25a5fa180153460be3ff
libtiff-static-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 51a9863c58236cdbef95792254cd38ef10f7838c17043b163531c929f5f7fd4b
i386
libtiff-3.9.4-1.el6_0.3.i686.rpm SHA-256: 32c069f9efb32c81c7c829cebfd0ed27677f8d3bb95542249a77c66a8a7b8150
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-devel-3.9.4-1.el6_0.3.i686.rpm SHA-256: 2c49920a070a619bf375d8e3ac8df8852afa0f5639b40406a5934288f3f8e16c
libtiff-static-3.9.4-1.el6_0.3.i686.rpm SHA-256: 16d37f020666bcd09db05a6c69e71dacbf7f8aa1417f60e6073270eab6e84fe8

Red Hat Enterprise Linux Workstation 6

SRPM
libtiff-3.9.4-1.el6_0.3.src.rpm SHA-256: 6d55910246564baf0340fb23904bd2d1efa5eeb76953ebffa21eda3ea092c6f1
x86_64
libtiff-3.9.4-1.el6_0.3.i686.rpm SHA-256: 32c069f9efb32c81c7c829cebfd0ed27677f8d3bb95542249a77c66a8a7b8150
libtiff-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: d60cc5770a6d4b74f293dfc9464eb1dcf2974be8d9b33c99433840269e3f6921
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-devel-3.9.4-1.el6_0.3.i686.rpm SHA-256: 2c49920a070a619bf375d8e3ac8df8852afa0f5639b40406a5934288f3f8e16c
libtiff-devel-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: fa3bb5930b7f2183475e34c62ae09acf33f2e023a8fa25a5fa180153460be3ff
libtiff-static-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 51a9863c58236cdbef95792254cd38ef10f7838c17043b163531c929f5f7fd4b
i386
libtiff-3.9.4-1.el6_0.3.i686.rpm SHA-256: 32c069f9efb32c81c7c829cebfd0ed27677f8d3bb95542249a77c66a8a7b8150
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-devel-3.9.4-1.el6_0.3.i686.rpm SHA-256: 2c49920a070a619bf375d8e3ac8df8852afa0f5639b40406a5934288f3f8e16c
libtiff-static-3.9.4-1.el6_0.3.i686.rpm SHA-256: 16d37f020666bcd09db05a6c69e71dacbf7f8aa1417f60e6073270eab6e84fe8

Red Hat Enterprise Linux Desktop 6

SRPM
libtiff-3.9.4-1.el6_0.3.src.rpm SHA-256: 6d55910246564baf0340fb23904bd2d1efa5eeb76953ebffa21eda3ea092c6f1
x86_64
libtiff-3.9.4-1.el6_0.3.i686.rpm SHA-256: 32c069f9efb32c81c7c829cebfd0ed27677f8d3bb95542249a77c66a8a7b8150
libtiff-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: d60cc5770a6d4b74f293dfc9464eb1dcf2974be8d9b33c99433840269e3f6921
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-devel-3.9.4-1.el6_0.3.i686.rpm SHA-256: 2c49920a070a619bf375d8e3ac8df8852afa0f5639b40406a5934288f3f8e16c
libtiff-devel-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: fa3bb5930b7f2183475e34c62ae09acf33f2e023a8fa25a5fa180153460be3ff
libtiff-static-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 51a9863c58236cdbef95792254cd38ef10f7838c17043b163531c929f5f7fd4b
i386
libtiff-3.9.4-1.el6_0.3.i686.rpm SHA-256: 32c069f9efb32c81c7c829cebfd0ed27677f8d3bb95542249a77c66a8a7b8150
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-devel-3.9.4-1.el6_0.3.i686.rpm SHA-256: 2c49920a070a619bf375d8e3ac8df8852afa0f5639b40406a5934288f3f8e16c
libtiff-static-3.9.4-1.el6_0.3.i686.rpm SHA-256: 16d37f020666bcd09db05a6c69e71dacbf7f8aa1417f60e6073270eab6e84fe8

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
libtiff-3.9.4-1.el6_0.3.src.rpm SHA-256: 6d55910246564baf0340fb23904bd2d1efa5eeb76953ebffa21eda3ea092c6f1
s390x
libtiff-3.9.4-1.el6_0.3.s390.rpm SHA-256: ad7192435422a912b4fd95718571f2426a4bd0fa10f3e212a428da910824a8d7
libtiff-3.9.4-1.el6_0.3.s390x.rpm SHA-256: 9e45677751574e3e71517a7d26eaf0017b927306cd2ec4557fae3cf5fc7e7775
libtiff-debuginfo-3.9.4-1.el6_0.3.s390.rpm SHA-256: 521be46287028d8c4223fed663af8b2645331a27439c54f1f725d70b487112ee
libtiff-debuginfo-3.9.4-1.el6_0.3.s390.rpm SHA-256: 521be46287028d8c4223fed663af8b2645331a27439c54f1f725d70b487112ee
libtiff-debuginfo-3.9.4-1.el6_0.3.s390x.rpm SHA-256: ac09f40e23d7c4d76a4f1674575d610d5e6178422afb9d3e9abcd208c9a3d32a
libtiff-debuginfo-3.9.4-1.el6_0.3.s390x.rpm SHA-256: ac09f40e23d7c4d76a4f1674575d610d5e6178422afb9d3e9abcd208c9a3d32a
libtiff-devel-3.9.4-1.el6_0.3.s390.rpm SHA-256: 42a4c86be5df59126c31fdbf523c75ab0d857c5f718d72ac7fad4326b7eae38d
libtiff-devel-3.9.4-1.el6_0.3.s390x.rpm SHA-256: 106191b61ca0eb73403d0847192b36482bdc836824fbccccb5a3f999f21081fb
libtiff-static-3.9.4-1.el6_0.3.s390x.rpm SHA-256: 30114de8bad2342d92f9fe2b4c586a33e3cc38dbf5eae747c1058821883f8180

Red Hat Enterprise Linux for Power, big endian 6

SRPM
libtiff-3.9.4-1.el6_0.3.src.rpm SHA-256: 6d55910246564baf0340fb23904bd2d1efa5eeb76953ebffa21eda3ea092c6f1
ppc64
libtiff-3.9.4-1.el6_0.3.ppc.rpm SHA-256: a4a7121d124eccc73a9ad785bba8a5583d3ca0f1f84d13627add2d4f66414d6c
libtiff-3.9.4-1.el6_0.3.ppc64.rpm SHA-256: d6728e77a045b2bb5833b84092cb7d9ff5d3cbdee03c47bce5d5fb2fd70c3d17
libtiff-debuginfo-3.9.4-1.el6_0.3.ppc.rpm SHA-256: 264b3eae93deef8d8a31ef2f8b96d30c543e4c517bbc11b5efcd5b39b6ed6218
libtiff-debuginfo-3.9.4-1.el6_0.3.ppc.rpm SHA-256: 264b3eae93deef8d8a31ef2f8b96d30c543e4c517bbc11b5efcd5b39b6ed6218
libtiff-debuginfo-3.9.4-1.el6_0.3.ppc64.rpm SHA-256: 5740c6250da533967a689060153d44ce628e1b8456ac2c973bf50189c40af2ba
libtiff-debuginfo-3.9.4-1.el6_0.3.ppc64.rpm SHA-256: 5740c6250da533967a689060153d44ce628e1b8456ac2c973bf50189c40af2ba
libtiff-devel-3.9.4-1.el6_0.3.ppc.rpm SHA-256: 09bf68c2858d14be0457e39470a1c42e2fcdf10a4fd55cc93b1a735d2c0c1e06
libtiff-devel-3.9.4-1.el6_0.3.ppc64.rpm SHA-256: 421e01b894d1b7c5df7fbed8e58318f17c9047a2d8eba84b015e55ce5318ab72
libtiff-static-3.9.4-1.el6_0.3.ppc64.rpm SHA-256: ce1de07abb8c48277cf15a0fb27a9e6e351e2c641aff4cb73945f78c0b299e6b

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
libtiff-3.9.4-1.el6_0.3.src.rpm SHA-256: 6d55910246564baf0340fb23904bd2d1efa5eeb76953ebffa21eda3ea092c6f1
x86_64
libtiff-3.9.4-1.el6_0.3.i686.rpm SHA-256: 32c069f9efb32c81c7c829cebfd0ed27677f8d3bb95542249a77c66a8a7b8150
libtiff-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: d60cc5770a6d4b74f293dfc9464eb1dcf2974be8d9b33c99433840269e3f6921
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-devel-3.9.4-1.el6_0.3.i686.rpm SHA-256: 2c49920a070a619bf375d8e3ac8df8852afa0f5639b40406a5934288f3f8e16c
libtiff-devel-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: fa3bb5930b7f2183475e34c62ae09acf33f2e023a8fa25a5fa180153460be3ff
libtiff-static-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 51a9863c58236cdbef95792254cd38ef10f7838c17043b163531c929f5f7fd4b

Red Hat Enterprise Linux Server from RHUI 6

SRPM
libtiff-3.9.4-1.el6_0.3.src.rpm SHA-256: 6d55910246564baf0340fb23904bd2d1efa5eeb76953ebffa21eda3ea092c6f1
x86_64
libtiff-3.9.4-1.el6_0.3.i686.rpm SHA-256: 32c069f9efb32c81c7c829cebfd0ed27677f8d3bb95542249a77c66a8a7b8150
libtiff-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: d60cc5770a6d4b74f293dfc9464eb1dcf2974be8d9b33c99433840269e3f6921
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-debuginfo-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 6b8fa84fa633b6892e2f25fa24195002ddb61fc27fe814bd9d06fae6f5a8bf7d
libtiff-devel-3.9.4-1.el6_0.3.i686.rpm SHA-256: 2c49920a070a619bf375d8e3ac8df8852afa0f5639b40406a5934288f3f8e16c
libtiff-devel-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: fa3bb5930b7f2183475e34c62ae09acf33f2e023a8fa25a5fa180153460be3ff
libtiff-static-3.9.4-1.el6_0.3.x86_64.rpm SHA-256: 51a9863c58236cdbef95792254cd38ef10f7838c17043b163531c929f5f7fd4b
i386
libtiff-3.9.4-1.el6_0.3.i686.rpm SHA-256: 32c069f9efb32c81c7c829cebfd0ed27677f8d3bb95542249a77c66a8a7b8150
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-debuginfo-3.9.4-1.el6_0.3.i686.rpm SHA-256: 0ce4a775c63103ae87b4b2f336497c44c76f1631cd85c3671e441a296355bab0
libtiff-devel-3.9.4-1.el6_0.3.i686.rpm SHA-256: 2c49920a070a619bf375d8e3ac8df8852afa0f5639b40406a5934288f3f8e16c
libtiff-static-3.9.4-1.el6_0.3.i686.rpm SHA-256: 16d37f020666bcd09db05a6c69e71dacbf7f8aa1417f60e6073270eab6e84fe8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.