Oval Definition:oval:com.redhat.rhsa:def:20110318
Revision Date:2011-03-03Version:636
Title:RHSA-2011:0318: libtiff security update (Important)
Description:The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

  • A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-0192)

    Red Hat would like to thank Apple Product Security for reporting this issue.

    All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications linked against libtiff must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2011-0192
    CVE-2011-0192
    RHSA-2011:0318
    RHSA-2011:0318-01
    RHSA-2011:0318-01
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • libtiff is earlier than 0:3.6.1-17.el4
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:3.6.1-17.el4
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libtiff is earlier than 0:3.9.4-1.el6_0.1
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:3.9.4-1.el6_0.1
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • libtiff-static is earlier than 0:3.9.4-1.el6_0.1
  • AND libtiff-static is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • libtiff is earlier than 0:3.8.2-7.el5_6.6
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:3.8.2-7.el5_6.6
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • libtiff is earlier than 0:3.9.4-1.el6_0.1
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:3.9.4-1.el6_0.1
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • libtiff-static is earlier than 0:3.9.4-1.el6_0.1
  • AND libtiff-static is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • libtiff is earlier than 0:3.6.1-17.el4
  • AND libtiff is signed with Red Hat master key
  • libtiff-devel is earlier than 0:3.6.1-17.el4
  • AND libtiff-devel is signed with Red Hat master key
    • BACK