Oval Definition:oval:com.redhat.rhsa:def:20120468
Revision Date:2012-04-10Version:634
Title:RHSA-2012:0468: libtiff security update (Important)
Description:The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

  • Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173)

    All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2012-1173
    CVE-2012-1173
    RHSA-2012:0468
    RHSA-2012:0468-02
    RHSA-2012:0468-02
    Platform(s):Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libtiff is earlier than 0:3.9.4-5.el6_2
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:3.9.4-5.el6_2
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • libtiff-static is earlier than 0:3.9.4-5.el6_2
  • AND libtiff-static is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • libtiff is earlier than 0:3.8.2-14.el5_8
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:3.8.2-14.el5_8
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
    • BACK