Red Hat Product Errata RHSA-2019:2053 - Security Advisory
Issued: 2019-08-06
Updated: 2019-08-06

Synopsis

Moderate: libtiff security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libtiff is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • libtiff: buffer overflow in gif2tiff (CVE-2016-3186)
  • libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution (CVE-2018-12900)
  • libtiff: Out-of-bounds write in tif_jbig.c (CVE-2018-18557)
  • libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456)
  • libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service (CVE-2018-8905)
  • libtiff: heap-based buffer over-read in TIFFWriteScanline function in tif_write.c (CVE-2018-10779)
  • libtiff: reachable assertion in TIFFWriteDirectorySec function in tif_dirwrite.c (CVE-2018-10963)
  • libtiff: Integer overflow in multiply_ms in tools/ppm2tiff.c (CVE-2018-17100)
  • libtiff: Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c (CVE-2018-17101)
  • libtiff: tiff2bw tool failed memory allocation leads to crash (CVE-2018-18661)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.
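
One way to check the restart requirement above, as an added example that is not part of Red Hat's advisory: a process started before the update keeps the old library inode mapped, and the kernel marks that path with "(deleted)" in /proc/<pid>/maps. The function names, the PROC_ROOT parameter and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report PIDs that still map a libtiff
# shared object that was replaced on disk and therefore need a restart.

# stale_libtiff_pids [PROC_ROOT] -- PROC_ROOT defaults to /proc; the parameter
# is an assumption of this example so it can run against a constructed tree.
stale_libtiff_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A replaced library stays mapped from its old inode; the kernel
        # appends " (deleted)" to its path in /proc/<pid>/maps.
        if grep -Eq '/libtiff(xx)?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            echo "${pid_dir##*/}"
        fi
    done | sort -n
}

# make_sample_proc: build a constructed /proc-like tree (sample data, not real
# process maps) and print its path.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/101" "$root/202" "$root/303" "$root/404"
    # 101: started before the update, still maps the old libtiff
    printf '%s\n' \
        '7f3a1c000000-7f3a1c070000 r-xp 00000000 fd:00 393301 /usr/lib64/libtiff.so.5.2.0 (deleted)' \
        '7f3a1c400000-7f3a1c5c0000 r-xp 00000000 fd:00 393222 /usr/lib64/libc-2.17.so' \
        > "$root/101/maps"
    # 202: started after the update, maps the current file
    printf '%s\n' \
        '7f9b20000000-7f9b20070000 r-xp 00000000 fd:00 401977 /usr/lib64/libtiff.so.5.2.0' \
        > "$root/202/maps"
    # 303: still maps the old C++ binding, libtiffxx
    printf '%s\n' \
        '7f11a4000000-7f11a4002000 r-xp 00000000 fd:00 393305 /usr/lib64/libtiffxx.so.5.2.0 (deleted)' \
        > "$root/303/maps"
    # 404: a different replaced library, must not be reported
    printf '%s\n' \
        '7f52e8000000-7f52e8050000 r-xp 00000000 fd:00 393410 /usr/lib64/libjpeg.so.62.1.0 (deleted)' \
        > "$root/404/maps"
    echo "$root"
}

# Scan a real system by passing the proc root, e.g.: sh check.sh /proc
if [ $# -gt 0 ]; then
    stale_libtiff_pids "$1"
fi
```

Run it as root so other users' maps files are readable. Programs linked statically against libtiff-static do not show up in this check and have to be rebuilt against the updated package.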

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1319503 - buffer overflow in gif2tiff
  • BZ - 1319666 - CVE-2016-3186 libtiff: buffer overflow in gif2tiff
  • BZ - 1556708 - CVE-2018-7456 libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service
  • BZ - 1559704 - CVE-2018-8905 libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
  • BZ - 1577311 - CVE-2018-10779 libtiff: heap-based buffer over-read in TIFFWriteScanline function in tif_write.c
  • BZ - 1579058 - CVE-2018-10963 libtiff: reachable assertion in TIFFWriteDirectorySec function in tif_dirwrite.c
  • BZ - 1595575 - CVE-2018-12900 libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution
  • BZ - 1631069 - CVE-2018-17100 libtiff: Integer overflow in multiply_ms in tools/ppm2tiff.c
  • BZ - 1631078 - CVE-2018-17101 libtiff: Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c
  • BZ - 1644229 - CVE-2018-18557 libtiff: Out-of-bounds write in tif_jbig.c
  • BZ - 1644448 - CVE-2018-18661 libtiff: tiff2bw tool failed memory allocation leads to crash

CVEs

  • CVE-2016-3186
  • CVE-2018-7456
  • CVE-2018-8905
  • CVE-2018-10779
  • CVE-2018-10963
  • CVE-2018-12900
  • CVE-2018-17100
  • CVE-2018-17101
  • CVE-2018-18557
  • CVE-2018-18661

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
libtiff-4.0.3-32.el7.src.rpm SHA-256: 6d9afb86f8c08811e48bae76ed7b9d2a8208e0a11412f6d157b513bb79aab5aa
x86_64
libtiff-4.0.3-32.el7.i686.rpm SHA-256: 2dc8edfdef514ac698102cd05259c2380fd18a67d7e4ab880bbbf3e341a95ffe
libtiff-4.0.3-32.el7.x86_64.rpm SHA-256: b289b1adcda215624be5c191046962b91e6efb924bbd7606ef8f68defee0f495
libtiff-debuginfo-4.0.3-32.el7.i686.rpm SHA-256: 106c519f1500cefd816d2eba335e19a924dc8bb40622ffbc7e7cc2a89b2d5ecc
libtiff-debuginfo-4.0.3-32.el7.x86_64.rpm SHA-256: 7dfe528f7dfa481ce426cca7fdd7a3d01436afe39149fea51a876638d0779179
libtiff-devel-4.0.3-32.el7.i686.rpm SHA-256: fa0411d8f59afcfb69814cfc499d0d4d105713f68199dbfaaf70097e24470904
libtiff-devel-4.0.3-32.el7.x86_64.rpm SHA-256: b43b11555dff85cca2c7eed3d80dec2ec29641c6c6d9e4f448483700435d5ecd
libtiff-static-4.0.3-32.el7.i686.rpm SHA-256: 99f7f8f3172293a7891dea768cd2719c028f98e62c64dc3b943495e7c6c72c01
libtiff-static-4.0.3-32.el7.x86_64.rpm SHA-256: 490f7b944d43c5191faff2a4d8eb03c646e7462f5a85aad2f368ccc1d1b387ba
libtiff-tools-4.0.3-32.el7.x86_64.rpm SHA-256: ed3c2455e1e53ea164a7c658af2c4019345f2c7ec1bd56f9b6ad3da65b540ecf

Red Hat Enterprise Linux Workstation 7

SRPM
libtiff-4.0.3-32.el7.src.rpm SHA-256: 6d9afb86f8c08811e48bae76ed7b9d2a8208e0a11412f6d157b513bb79aab5aa
x86_64
libtiff-4.0.3-32.el7.i686.rpm SHA-256: 2dc8edfdef514ac698102cd05259c2380fd18a67d7e4ab880bbbf3e341a95ffe
libtiff-4.0.3-32.el7.x86_64.rpm SHA-256: b289b1adcda215624be5c191046962b91e6efb924bbd7606ef8f68defee0f495
libtiff-debuginfo-4.0.3-32.el7.i686.rpm SHA-256: 106c519f1500cefd816d2eba335e19a924dc8bb40622ffbc7e7cc2a89b2d5ecc
libtiff-debuginfo-4.0.3-32.el7.x86_64.rpm SHA-256: 7dfe528f7dfa481ce426cca7fdd7a3d01436afe39149fea51a876638d0779179
libtiff-devel-4.0.3-32.el7.i686.rpm SHA-256: fa0411d8f59afcfb69814cfc499d0d4d105713f68199dbfaaf70097e24470904
libtiff-devel-4.0.3-32.el7.x86_64.rpm SHA-256: b43b11555dff85cca2c7eed3d80dec2ec29641c6c6d9e4f448483700435d5ecd
libtiff-static-4.0.3-32.el7.i686.rpm SHA-256: 99f7f8f3172293a7891dea768cd2719c028f98e62c64dc3b943495e7c6c72c01
libtiff-static-4.0.3-32.el7.x86_64.rpm SHA-256: 490f7b944d43c5191faff2a4d8eb03c646e7462f5a85aad2f368ccc1d1b387ba
libtiff-tools-4.0.3-32.el7.x86_64.rpm SHA-256: ed3c2455e1e53ea164a7c658af2c4019345f2c7ec1bd56f9b6ad3da65b540ecf

Red Hat Enterprise Linux Desktop 7

SRPM
libtiff-4.0.3-32.el7.src.rpm SHA-256: 6d9afb86f8c08811e48bae76ed7b9d2a8208e0a11412f6d157b513bb79aab5aa
x86_64
libtiff-4.0.3-32.el7.i686.rpm SHA-256: 2dc8edfdef514ac698102cd05259c2380fd18a67d7e4ab880bbbf3e341a95ffe
libtiff-4.0.3-32.el7.x86_64.rpm SHA-256: b289b1adcda215624be5c191046962b91e6efb924bbd7606ef8f68defee0f495
libtiff-debuginfo-4.0.3-32.el7.i686.rpm SHA-256: 106c519f1500cefd816d2eba335e19a924dc8bb40622ffbc7e7cc2a89b2d5ecc
libtiff-debuginfo-4.0.3-32.el7.x86_64.rpm SHA-256: 7dfe528f7dfa481ce426cca7fdd7a3d01436afe39149fea51a876638d0779179
libtiff-devel-4.0.3-32.el7.i686.rpm SHA-256: fa0411d8f59afcfb69814cfc499d0d4d105713f68199dbfaaf70097e24470904
libtiff-devel-4.0.3-32.el7.x86_64.rpm SHA-256: b43b11555dff85cca2c7eed3d80dec2ec29641c6c6d9e4f448483700435d5ecd
libtiff-static-4.0.3-32.el7.i686.rpm SHA-256: 99f7f8f3172293a7891dea768cd2719c028f98e62c64dc3b943495e7c6c72c01
libtiff-static-4.0.3-32.el7.x86_64.rpm SHA-256: 490f7b944d43c5191faff2a4d8eb03c646e7462f5a85aad2f368ccc1d1b387ba
libtiff-tools-4.0.3-32.el7.x86_64.rpm SHA-256: ed3c2455e1e53ea164a7c658af2c4019345f2c7ec1bd56f9b6ad3da65b540ecf

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
libtiff-4.0.3-32.el7.src.rpm SHA-256: 6d9afb86f8c08811e48bae76ed7b9d2a8208e0a11412f6d157b513bb79aab5aa
s390x
libtiff-4.0.3-32.el7.s390.rpm SHA-256: f508ec1c88f132f817d012582bf12ae840366177061354c327154cb83e12dd2b
libtiff-4.0.3-32.el7.s390x.rpm SHA-256: b1737070016f4f3d64db90b50975de5373a059e4bc22cc2bfbb730b8e15ba440
libtiff-debuginfo-4.0.3-32.el7.s390.rpm SHA-256: 134b1af18d4b9ff1899aa0236542002b2d667882eef1b55c76dfb9c7581dfd52
libtiff-debuginfo-4.0.3-32.el7.s390x.rpm SHA-256: 314b13d3d3a91bf189fe1933b5fb9cf4558187321caab95fdd6bbe37584a8856
libtiff-devel-4.0.3-32.el7.s390.rpm SHA-256: 2eb996350804e5f466021a24020f3dd6bc557d46d7aff2bb63494548b0117cab
libtiff-devel-4.0.3-32.el7.s390x.rpm SHA-256: 913d7c1438c44069f8bfc1451bb7a2baa2a404a8ddc7c254e45aa1605a43cc50
libtiff-static-4.0.3-32.el7.s390.rpm SHA-256: fc24f01ea9c79b6281ab5f9c81f1c370ae2d1ea25a225702d4b7be6ee0168df2
libtiff-static-4.0.3-32.el7.s390x.rpm SHA-256: 99389b1f60764366f414c09c8550379176111c588243d33ba52d7ab7efb7cb34
libtiff-tools-4.0.3-32.el7.s390x.rpm SHA-256: aee12120dbbe9ff898bf36951210b7635a19edd3aa8792925282d62cef688d09

Red Hat Enterprise Linux for Power, big endian 7

SRPM
libtiff-4.0.3-32.el7.src.rpm SHA-256: 6d9afb86f8c08811e48bae76ed7b9d2a8208e0a11412f6d157b513bb79aab5aa
ppc64
libtiff-4.0.3-32.el7.ppc.rpm SHA-256: 4fa5a9a7eed94b1817f763e962277404e46ce3c45a901c41835e3c369b0d3baa
libtiff-4.0.3-32.el7.ppc64.rpm SHA-256: 0c5e048bd5cb8f164914c89bd50b8c861a887a980099bb6cae38fefd356b8a95
libtiff-debuginfo-4.0.3-32.el7.ppc.rpm SHA-256: bc51c52c26bb8810337a67488c6587d58e449a047b64f912048f81df818e7e5a
libtiff-debuginfo-4.0.3-32.el7.ppc64.rpm SHA-256: 0c1d95f7199accebd747c5ce552f95a21db1571fdd8e4a933cd28ca09424bf82
libtiff-devel-4.0.3-32.el7.ppc.rpm SHA-256: aa217daf82b24a30709bc0f4d91804cc886a4223de20c1b27d9cd18192284ef8
libtiff-devel-4.0.3-32.el7.ppc64.rpm SHA-256: f88c3ffa85a2023e6ef6fc9d8b255e446e3012a17cbd79adb6b97fac9fa60ad6
libtiff-static-4.0.3-32.el7.ppc.rpm SHA-256: 113b1f61462a65de788420d4b35356fb7aac5d4fbe1cb51d634b247489241924
libtiff-static-4.0.3-32.el7.ppc64.rpm SHA-256: 57ee5b248feefa63a6b44a4aa9060f44df6d40cc4f17f1fae4ae911e417e3897
libtiff-tools-4.0.3-32.el7.ppc64.rpm SHA-256: f33f01ae01f2bbaebf0698b9ef1b1a69feed9ecd24ac1ddf931e6292aa7bad49

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
libtiff-4.0.3-32.el7.src.rpm SHA-256: 6d9afb86f8c08811e48bae76ed7b9d2a8208e0a11412f6d157b513bb79aab5aa
x86_64
libtiff-4.0.3-32.el7.i686.rpm SHA-256: 2dc8edfdef514ac698102cd05259c2380fd18a67d7e4ab880bbbf3e341a95ffe
libtiff-4.0.3-32.el7.x86_64.rpm SHA-256: b289b1adcda215624be5c191046962b91e6efb924bbd7606ef8f68defee0f495
libtiff-debuginfo-4.0.3-32.el7.i686.rpm SHA-256: 106c519f1500cefd816d2eba335e19a924dc8bb40622ffbc7e7cc2a89b2d5ecc
libtiff-debuginfo-4.0.3-32.el7.x86_64.rpm SHA-256: 7dfe528f7dfa481ce426cca7fdd7a3d01436afe39149fea51a876638d0779179
libtiff-devel-4.0.3-32.el7.i686.rpm SHA-256: fa0411d8f59afcfb69814cfc499d0d4d105713f68199dbfaaf70097e24470904
libtiff-devel-4.0.3-32.el7.x86_64.rpm SHA-256: b43b11555dff85cca2c7eed3d80dec2ec29641c6c6d9e4f448483700435d5ecd
libtiff-static-4.0.3-32.el7.i686.rpm SHA-256: 99f7f8f3172293a7891dea768cd2719c028f98e62c64dc3b943495e7c6c72c01
libtiff-static-4.0.3-32.el7.x86_64.rpm SHA-256: 490f7b944d43c5191faff2a4d8eb03c646e7462f5a85aad2f368ccc1d1b387ba
libtiff-tools-4.0.3-32.el7.x86_64.rpm SHA-256: ed3c2455e1e53ea164a7c658af2c4019345f2c7ec1bd56f9b6ad3da65b540ecf

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libtiff-4.0.3-32.el7.src.rpm SHA-256: 6d9afb86f8c08811e48bae76ed7b9d2a8208e0a11412f6d157b513bb79aab5aa
ppc64le
libtiff-4.0.3-32.el7.ppc64le.rpm SHA-256: 9f7389f09ef46679391046bde3c436434822aeaa689ff04eecae4d4329d71e64
libtiff-debuginfo-4.0.3-32.el7.ppc64le.rpm SHA-256: a7c24760dbdd5f26aff63c3505cbb203a4ec9a7440c6cc939604b0ebc981c1f7
libtiff-devel-4.0.3-32.el7.ppc64le.rpm SHA-256: a146cbaa82aad8ecc3969d2e60703db61a4d6e770cd5fb40224fe8165916a654
libtiff-static-4.0.3-32.el7.ppc64le.rpm SHA-256: 1f34f26c2c8c39d2fb89369a462f3119b879280d1e906035d7d366c91bd60a5d
libtiff-tools-4.0.3-32.el7.ppc64le.rpm SHA-256: 980a34402bec5406c3894980070c3088a75c0e209fe7d8dd79b2d91dd316efa2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
