CentOS Errata and Security Advisory CESA-2006:0603
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) files.
Tavis Ormandy of Google discovered a number of flaws in libtiff during a
security audit. An attacker could create a carefully crafted TIFF file in
such a way that it was possible to cause an application linked with libtiff
to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460,
CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465)
All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-August/075267.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075269.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075272.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075274.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075275.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075282.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075283.html
Affected packages:
libtiff
libtiff-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0603
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | libtiff | < 3.6.1-12 | libtiff-3.6.1-12.ia64.rpm |
CentOS | 4 | ia64 | libtiff-devel | < 3.6.1-12 | libtiff-devel-3.6.1-12.ia64.rpm |
CentOS | 4 | alpha | libtiff | < 3.6.1-12 | libtiff-3.6.1-12.alpha.rpm |
CentOS | 4 | alpha | libtiff-devel | < 3.6.1-12 | libtiff-devel-3.6.1-12.alpha.rpm |
CentOS | 3 | ia64 | libtiff | < 3.5.7-25.el3.4 | libtiff-3.5.7-25.el3.4.ia64.rpm |
CentOS | 3 | ia64 | libtiff-devel | < 3.5.7-25.el3.4 | libtiff-devel-3.5.7-25.el3.4.ia64.rpm |
CentOS | 4 | s390 | libtiff | < 3.6.1-12 | libtiff-3.6.1-12.s390.rpm |
CentOS | 4 | s390 | libtiff-devel | < 3.6.1-12 | libtiff-devel-3.6.1-12.s390.rpm |
CentOS | 4 | s390x | libtiff | < 3.6.1-12 | libtiff-3.6.1-12.s390x.rpm |
CentOS | 4 | s390x | libtiff-devel | < 3.6.1-12 | libtiff-devel-3.6.1-12.s390x.rpm |