Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Scientific Linux: SLSA-2014:0223-1 Moderate: libtiff Buffer Overflow Threat

Scientific Large Esm H446
Moderate: libtiff security update
Date: Thu, 27 Feb 2014 20:17:25 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: libtiff on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: libtiff security update
Advisory ID: SLSA-2014:0223-1
Issue Date: 2014-02-27
CVE Numbers: CVE-2013-1961
 CVE-2013-1960
 CVE-2013-4231
 CVE-2013-4232
 CVE-2013-4243
 CVE-2013-4244
--

A heap-based buffer overflow and a use-after-free flaw were found in the
tiff2pdf tool. An attacker could use these flaws to create a specially
crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute
arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file that
could cause gif2tiff to crash or, possibly, execute arbitrary code.
(CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)

All running applications linked against libtiff must be restarted for this
update to take effect.
--

SL5
 x86_64
 libtiff-3.8.2-19.el5_10.i386.rpm
 libtiff-3.8.2-19.el5_10.x86_64.rpm
 libtiff-debuginfo-3.8.2-19.el5_10.i386.rpm
 libtiff-debuginfo-3.8.2-19.el5_10.x86_64.rpm
 libtiff-devel-3.8.2-19.el5_10.i386.rpm
 libtiff-devel-3.8.2-19.el5_10.x86_64.rpm
 i386
 libtiff-3.8.2-19.el5_10.i386.rpm
 libtiff-debuginfo-3.8.2-19.el5_10.i386.rpm
 libtiff-devel-3.8.2-19.el5_10.i386.rpm

- Scientific Linux Development Team