Important CentOS libtiff Update

Metadata

high
unknown
libtiff-3.8.2-15.el5_8.i386.rpm, libtiff-3.8.2-15.el5_8.src.rpm, libtiff-3.8.2-15.el5_8.x86_64.rpm, libtiff-3.9.4-6.el6_3.i686.rpm, libtiff-3.9.4-6.el6_3.src.rpm, libtiff-3.9.4-6.el6_3.x86_64.rpm, libtiff-devel-3.8.2-15.el5_8.i386.rpm, libtiff-devel-3.8.2-15.el5_8.x86_64.rpm, libtiff-devel-3.9.4-6.el6_3.i686.rpm, libtiff-devel-3.9.4-6.el6_3.x86_64.rpm, libtiff-static-3.9.4-6.el6_3.i686.rpm, libtiff-static-3.9.4-6.el6_3.x86_64.rpm
rhn.redhat.com, lists.centos.org, lists.centos.org
2012-07-03
2017-07-27 20:03
2017-07-27 19:03
2017-04-01 19:06
2017-01-05 20:10

Description


Updated libtiff packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

libtiff did not properly convert between signed and unsigned integer
values, leading to a buffer overflow. An attacker could use this flaw to
create a specially-crafted TIFF file that, when opened, would cause an
application linked against libtiff to crash or, possibly, execute arbitrary
code. (CVE-2012-2088)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the tiff2pdf tool. An attacker could use these flaws to
create a specially-crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2012-2113)

All libtiff users should upgrade to these updated packages, which contain
backported patches to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

| Release | Package | Patched in |
|---|---|---|
| 5 | libtiff | libtiff-3.8.2-15.el5_8.i386.rpm |
| 5 | libtiff | libtiff-3.8.2-15.el5_8.src.rpm |
| 5 | libtiff | libtiff-3.8.2-15.el5_8.x86_64.rpm |
| 5 | libtiff-devel | libtiff-devel-3.8.2-15.el5_8.i386.rpm |
| 5 | libtiff-devel | libtiff-devel-3.8.2-15.el5_8.x86_64.rpm |
| 6 | libtiff | libtiff-3.9.4-6.el6_3.i686.rpm |
| 6 | libtiff | libtiff-3.9.4-6.el6_3.src.rpm |
| 6 | libtiff | libtiff-3.9.4-6.el6_3.x86_64.rpm |
| 6 | libtiff-devel | libtiff-devel-3.9.4-6.el6_3.i686.rpm |
| 6 | libtiff-devel | libtiff-devel-3.9.4-6.el6_3.x86_64.rpm |
| 6 | libtiff-static | libtiff-static-3.9.4-6.el6_3.i686.rpm |
| 6 | libtiff-static | libtiff-static-3.9.4-6.el6_3.x86_64.rpm |
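
To answer "Am I vulnerable?" for a package inventory, the installed build has to be compared with the patched build for its release using RPM's segment-wise ordering, not plain string comparison. The following is an added example, not Appcanary's or Red Hat's code: the function names and sample inventory are constructed, epoch is assumed unset, and `~`/`^` ordering is not handled.

```python
import re

# Patched builds per release, copied from the table on this page:
# release -> (packages listed, version, release tag).
PATCHED = {
    "5": ({"libtiff", "libtiff-devel"}, "3.8.2", "15.el5_8"),
    "6": ({"libtiff", "libtiff-devel", "libtiff-static"}, "3.9.4", "6.el6_3"),
}


def rpmvercmp(a, b):
    """RPM-style comparison of two version or release strings: -1, 0 or 1."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def status(nvr):
    """Classify a 'name-version-release' string against this advisory."""
    parts = nvr.rsplit("-", 2)
    m = re.search(r"\.el([0-9]+)", parts[-1])
    if len(parts) != 3 or not m or m.group(1) not in PATCHED:
        return "not covered"
    name, version, release = parts
    packages, fixed_ver, fixed_rel = PATCHED[m.group(1)]
    if name not in packages:
        return "not covered"
    # Epoch is ignored (assumption: unset for these packages).
    cmp = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
    return "patched" if cmp >= 0 else "vulnerable"


# Constructed sample inventory (not real host data).
SAMPLE = ["libtiff-3.8.2-14.el5_7", "libtiff-3.9.4-6.el6_3",
          "libtiff-devel-3.9.4-6.el6", "zlib-1.2.3-29.el6"]

if __name__ == "__main__":
    for pkg in SAMPLE:
        print(f"{pkg}: {status(pkg)}")
```

Real input in this form can be produced with `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`. A "patched" result covers only the installed package; applications linked against libtiff still have to be restarted, as the advisory states.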