SciLinux: CVE-2011-1167 Critical: libtiff Buffer Overflow Issue

Mar 29, 2011 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory security update buffer overflow critical libtiff Scientific Linux i386/x86_64

Important: libtiff security and bug fix update

Date: Tue, 29 Mar 2011 17:11:05 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux

From: Connie Sieh 
Subject: Security ERRATA Important: libtiff on SL4.x i386/x86_64
Comments: To: scientific 
MIME-Version: 1.0

This ERRATA for SL 4.x i386/x86_64 is now available from:

-------------------------------------------------------------------------
Synopsis: Important: libtiff security and bug fix update
Issue date: 2011-03-29
CVE Names: CVE-2011-1167

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF files encoded with a 4-bit run-length encoding scheme from
ThunderScan. An attacker could use this flaw to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167)

This update also fixes the following bug:

* A prior libtiff update introduced a regression that prevented
certain TIFF Internet Fax image files, compressed with the CCITT Group 4
compression algorithm, from being read. (BZ#688825)

----------------------------------------------------------------------------
SL 4.x

SRPMS:

 	libtiff-3.6.1-18.el4.src.rpm

i386:

 	libtiff-3.6.1-18.el4.i386.rpm
 	libtiff-devel-3.6.1-18.el4.i386.rpm

x86_64:

 	libtiff-3.6.1-18.el4.i386.rpm
 	libtiff-3.6.1-18.el4.x86_64.rpm
 	libtiff-devel-3.6.1-18.el4.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here