Oval Definition:oval:com.redhat.rhsa:def:20110452
Revision Date:2011-04-18Version:636
Title:RHSA-2011:0452: libtiff security update (Important)
Description:The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

  • A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF image files that were compressed with the JPEG compression algorithm. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2009-5022)

    All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications linked against libtiff must be restarted for this update to take effect.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2009-5022
    CVE-2009-5022
    RHSA-2011:0452
    RHSA-2011:0452-01
    RHSA-2011:0452-01
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libtiff is earlier than 0:3.9.4-1.el6_0.3
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:3.9.4-1.el6_0.3
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • libtiff-static is earlier than 0:3.9.4-1.el6_0.3
  • AND libtiff-static is signed with Red Hat redhatrelease2 key
  • BACK