Oval Definition:oval:com.redhat.rhsa:def:20170225
Revision Date:2017-02-01Version:638
Title:RHSA-2017:0225: libtiff security update (Moderate)
Description:The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)

  • Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)
    • Family:unixClass:patch
    Status:Reference(s):CVE-2015-8870
    CVE-2016-5652
    CVE-2016-9533
    CVE-2016-9534
    CVE-2016-9535
    CVE-2016-9536
    CVE-2016-9537
    CVE-2016-9540
    RHSA-2017:0225
    RHSA-2017:0225-00
    RHSA-2017:0225-01
    RHSA-2017:0225-01
    Platform(s):Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libtiff is earlier than 0:3.9.4-21.el6_8
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:3.9.4-21.el6_8
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • libtiff-static is earlier than 0:3.9.4-21.el6_8
  • AND libtiff-static is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • libtiff is earlier than 0:4.0.3-27.el7_3
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:4.0.3-27.el7_3
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • libtiff-static is earlier than 0:4.0.3-27.el7_3
  • AND libtiff-static is signed with Red Hat redhatrelease2 key
  • libtiff-tools is earlier than 0:4.0.3-27.el7_3
  • AND libtiff-tools is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • libtiff is earlier than 0:3.9.4-21.el6_8
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:3.9.4-21.el6_8
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • libtiff-static is earlier than 0:3.9.4-21.el6_8
  • AND libtiff-static is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND
  • libtiff is earlier than 0:4.0.3-27.el7_3
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:4.0.3-27.el7_3
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • libtiff-static is earlier than 0:4.0.3-27.el7_3
  • AND libtiff-static is signed with Red Hat redhatrelease2 key
  • libtiff-tools is earlier than 0:4.0.3-27.el7_3
  • AND libtiff-tools is signed with Red Hat redhatrelease2 key
    • BACK