Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora Core 4: 2006-878 Critical: libtiff Image Flaws Leading To Crashes

fedora
Calendar Grey August 2, 2006
Dist Fedora Esm H88
Essential patch for Fedora Core 4's libjpeg fixes various vulnerabilities causing crashes and potential arbitrary code execution.
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files

Summary

The libtiff package contains a library of functions for manipulating

TIFF (Tagged Image File Format) image format files. TIFF is a widely

used file format for bitmapped images. TIFF files usually end in the

.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF

format image files.

The libtiff package contains a library of functions for

manipulating TIFF (Tagged Image File Format) files.

Tavis Ormandy of Google discovered a number of flaws in

libtiff during a security audit. An attacker could create a

carefully crafted TIFF file in such a way that it was

possible to cause an application linked with libtiff to

crash or possibly execute arbitrary code. (CVE-2006-3459,

CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463,

CVE-2006-3464, CVE-2006-3465)

All users are advised to upgrade to these updated packages,

which contain backported fixes for these issues.

- Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461

CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

e25a0090188f4a25e04b23d9dabf8618dcd5560a SRPMS/libtiff-3.7.1-6.fc4.3.src.rpm

e25a0090188f4a25e04b23d9dabf8618dcd5560a noarch/libtiff-3.7.1-6.fc4.3.src.rpm

0d920d3854947dd1b5ea6035f6462763e252d6c4 ppc/libtiff-3.7.1-6.fc4.3.ppc.rpm

f39962656b7efcc8e657427ed2ef51df590aa216 ppc/libtiff-devel-3.7.1-6.fc4.3.ppc.rpm

5f7f56f8e3c0f504a2dc5960cb5d884e54f9c349 ppc/debug/libtiff-debuginfo-3.7.1-6.fc4.3.ppc.rpm

6e45b6be8f666e508e3de4b9c30aab09b57378a2 x86_64/libtiff-3.7.1-6.fc4.3.x86_64.rpm

cee15750ace41bfa7e5a3b22d3883010a837febd x86_64/libtiff-devel-3.7.1-6.fc4.3.x86_64.rpm

9d9f9b1ceb5db2ac47667644eb5bd43944d69ea7 x86_64/debug/libtiff-debuginfo-3.7.1-6.fc4.3.x86_64.rpm

12dcfb0c2a959d9da7f581b4c1b93aca0861567d i386/libtiff-3.7.1-6.fc4.3.i386.rpm

ad5847f0d6196a9782fc72e80a1b14fabfbffa93 i386/libtiff-devel-3.7.1-6.fc4.3.i386.rpm

6d158f79ae88e9e9fe44e776064bd108532b07f9 i386/debug/libtiff-debuginfo-3.7.1-6.fc4.3.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory fedora update critical code execution image decoding libtiff

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libtiff
Version: 3.7.1
Release: 6.fc4.3
Summary: A library of functions for manipulating TIFF format image files.

Topics%20covered

Topics Covered

security advisory fedora update critical code execution image decoding libtiff

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here