Red Hat: RHSA-2004:577-01 Critical: Libtiff Overflow and Crash Risk
Oct 22, 2004
•
LinuxSecurity Advisories
3 - 6 min read
Updated libtiff packages that fix various buffer and integer overflows are now available.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated libtiff packages
Advisory ID: RHSA-2004:577-01
Issue date: 2004-10-22
Updated on: 2004-10-22
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0803 CAN-2004-0886 CAN-2004-0804
---------------------------------------------------------------------
1. Summary:
Updated libtiff packages that fix various buffer and integer overflows are
now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files. TIFF is a widely used file
format for bitmapped images.
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. An attacker who has the ability to trick
a user into opening a malicious TIFF file could cause the application
linked to libtiff to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0886 and CAN-2004-0804 to these issues.
Additionally, a number of buffer overflow bugs that affect libtiff have
been found. An attacker who has the ability to trick a user into opening a
malicious TIFF file could cause the application linked to libtiff to crash
or possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0803 to
this issue.
All users are advised to upgrade to these errata packages, which contain
fixes for these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
134847 - CAN-2004-0803 buffer overflows in libtiff
134850 - CAN-2004-0886 multiple integer overflows in libtiff
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm
i386:
3c3cfb6ea1d426f7dfaf3eba049b01fa libtiff-3.5.5-17.i386.rpm
bed65897ba0f56dd646cfe108d16ec53 libtiff-devel-3.5.5-17.i386.rpm
ia64:
2dd106332e7f94e7c1b68a259b697527 libtiff-3.5.5-17.ia64.rpm
f55c05ad31942a5c55e05afc3f1cffac libtiff-devel-3.5.5-17.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm
ia64:
2dd106332e7f94e7c1b68a259b697527 libtiff-3.5.5-17.ia64.rpm
f55c05ad31942a5c55e05afc3f1cffac libtiff-devel-3.5.5-17.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm
i386:
3c3cfb6ea1d426f7dfaf3eba049b01fa libtiff-3.5.5-17.i386.rpm
bed65897ba0f56dd646cfe108d16ec53 libtiff-devel-3.5.5-17.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm
i386:
3c3cfb6ea1d426f7dfaf3eba049b01fa libtiff-3.5.5-17.i386.rpm
bed65897ba0f56dd646cfe108d16ec53 libtiff-devel-3.5.5-17.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm
i386:
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm
ia64:
223bd77614b274ea88e82cc2b7179fc5 libtiff-3.5.7-20.1.ia64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
f28363290fa144bdc459ff3804cdf5aa libtiff-devel-3.5.7-20.1.ia64.rpm
ppc:
10659dd13f97307f8066a4807f941264 libtiff-3.5.7-20.1.ppc.rpm
b439935cb94f59e804e51ec43bf1f990 libtiff-3.5.7-20.1.ppc64.rpm
baf93839e20c42f0a60690a19eabd883 libtiff-devel-3.5.7-20.1.ppc.rpm
s390:
1455a42e3976cae523bf87e3708ff35e libtiff-3.5.7-20.1.s390.rpm
8a4ba4c7c08f3c7774b1596ff10ba15a libtiff-devel-3.5.7-20.1.s390.rpm
s390x:
a3be3779774c347e96d761cbd97ff898 libtiff-3.5.7-20.1.s390x.rpm
1455a42e3976cae523bf87e3708ff35e libtiff-3.5.7-20.1.s390.rpm
bc686fba5bea3978cdfaa99134615e77 libtiff-devel-3.5.7-20.1.s390x.rpm
x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm
i386:
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm
x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm
i386:
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm
ia64:
223bd77614b274ea88e82cc2b7179fc5 libtiff-3.5.7-20.1.ia64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
f28363290fa144bdc459ff3804cdf5aa libtiff-devel-3.5.7-20.1.ia64.rpm
x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm
i386:
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm
ia64:
223bd77614b274ea88e82cc2b7179fc5 libtiff-3.5.7-20.1.ia64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
f28363290fa144bdc459ff3804cdf5aa libtiff-devel-3.5.7-20.1.ia64.rpm
x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
7. References:
CVE -CVE-2004-0803
CVE -CVE-2004-0886
CVE -CVE-2004-0804
8. Contact:
The Red Hat security contact is <This email address is being protected from spambots. You need JavaScript enabled to view it. >. More contact
details at
Copyright 2004 Red Hat, Inc.
PREVIOUS
NEXT
Red Hat: RHSA-2004:577-01 Critical: Libtiff Overflow and Crash Risk
red hat
October 22, 2004
Updated libtiff packages that fix various buffer and integer overflows are now available.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
134847 - CAN-2004-0803 buffer overflows in libtiff
134850 - CAN-2004-0886 multiple integer overflows in libtiff
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm
i386:
3c3cfb6ea1d426f7dfaf3eba049b01fa libtiff-3.5.5-17.i386.rpm
bed65897ba0f56dd646cfe108d16ec53 libtiff-devel-3.5.5-17.i386.rpm
ia64:
2dd106332e7f94e7c1b68a259b697527 libtiff-3.5.5-17.ia64.rpm
f55c05ad31942a5c55e05afc3f1cffac libtiff-devel-3.5.5-17.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm
ia64:
2dd106332e7f94e7c1b68a259b697527 libtiff-3.5.5-17.ia64.rpm
f55c05ad31942a5c55e05afc3f1cffac libtiff-devel-3.5.5-17.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm
i386:
3c3cfb6ea1d426f7dfaf3eba049b01fa libtiff-3.5.5-17.i386.rpm
bed65897ba0f56dd646cfe108d16ec53 libtiff-devel-3.5.5-17.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm
i386:
3c3cfb6ea1d426f7dfaf3eba049b01fa libtiff-3.5.5-17.i386.rpm
bed65897ba0f56dd646cfe108d16ec53 libtiff-devel-3.5.5-17.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm
i386:
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm
ia64:
223bd77614b274ea88e82cc2b7179fc5 libtiff-3.5.7-20.1.ia64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
f28363290fa144bdc459ff3804cdf5aa libtiff-devel-3.5.7-20.1.ia64.rpm
ppc:
10659dd13f97307f8066a4807f941264 libtiff-3.5.7-20.1.ppc.rpm
b439935cb94f59e804e51ec43bf1f990 libtiff-3.5.7-20.1.ppc64.rpm
baf93839e20c42f0a60690a19eabd883 libtiff-devel-3.5.7-20.1.ppc.rpm
s390:
1455a42e3976cae523bf87e3708ff35e libtiff-3.5.7-20.1.s390.rpm
8a4ba4c7c08f3c7774b1596ff10ba15a libtiff-devel-3.5.7-20.1.s390.rpm
s390x:
a3be3779774c347e96d761cbd97ff898 libtiff-3.5.7-20.1.s390x.rpm
1455a42e3976cae523bf87e3708ff35e libtiff-3.5.7-20.1.s390.rpm
bc686fba5bea3978cdfaa99134615e77 libtiff-devel-3.5.7-20.1.s390x.rpm
x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm
i386:
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm
x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm
i386:
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm
ia64:
223bd77614b274ea88e82cc2b7179fc5 libtiff-3.5.7-20.1.ia64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
f28363290fa144bdc459ff3804cdf5aa libtiff-devel-3.5.7-20.1.ia64.rpm
x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm
i386:
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm
ia64:
223bd77614b274ea88e82cc2b7179fc5 libtiff-3.5.7-20.1.ia64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
f28363290fa144bdc459ff3804cdf5aa libtiff-devel-3.5.7-20.1.ia64.rpm
x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm
818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm
51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
Summary
Package List
Severity
critical
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2004:577-01
Issue date: 2004-10-22
Updated on: 2004-10-22
Product: Red Hat Enterprise Linux
Topic
Updated libtiff packages that fix various buffer and integer overflows arenow available.
Relevant Releases Architectures
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Bugs Fixed
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!