libtiff security update

CESA-2011:0318
CentOS Project (lists.centos.org)
Published: 2011-03-03 03:27:08

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.048 (Percentile: 92.7%)

CentOS Errata and Security Advisory CESA-2011:0318

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF Internet Fax image files, compressed with the CCITT Group 4
compression algorithm. An attacker could use this flaw to create a
specially-crafted TIFF file that, when opened, would cause an application
linked against libtiff to crash or, possibly, execute arbitrary code.
(CVE-2011-0192)

Red Hat would like to thank Apple Product Security for reporting this
issue.

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications linked
against libtiff must be restarted for this update to take effect.
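
To verify the restart requirement above, this added example (not part of the CentOS advisory) lists processes that still map a libtiff copy that has been replaced on disk. It assumes a Linux /proc and that the update unlinked the old library file, so the kernel tags the old mapping "(deleted)"; the function name and its optional proc-root argument are hypothetical.

```shell
#!/bin/sh
# Added example: find processes still running the pre-update libtiff.
# When a package update replaces a shared object, processes that loaded the
# old copy keep it mapped; /proc/<pid>/maps shows that path with the suffix
# " (deleted)" until the process is restarted.

# stale_libtiff_pids [PROC_ROOT]
# Prints "<pid> <name>" for every process with a deleted libtiff mapping.
# PROC_ROOT defaults to /proc; another directory can be passed for testing.
stale_libtiff_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries (other users' processes, exited PIDs).
        [ -r "$maps" ] || continue
        # Matches e.g. "/usr/lib64/libtiff.so.3.8.2 (deleted)"; any suffix
        # after ".so" is tolerated as long as the line ends in "(deleted)".
        if grep -Eq '/libtiff\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            pid="${pid_dir##*/}"
            # The Name: field of status holds the short command name.
            name="$(sed -n 's/^Name:[[:space:]]*//p' "$pid_dir/status" 2>/dev/null || true)"
            [ -n "$name" ] || name='?'
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Scan the live system only when invoked as: sh script.sh scan
if [ "${1:-}" = "scan" ]; then
    stale_libtiff_pids
fi
```

Run it as root after the update so every process's maps file is readable; an empty result means no running process still holds the old library.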

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-April/079523.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079524.html
https://lists.centos.org/pipermail/centos-announce/2011-March/079418.html
https://lists.centos.org/pipermail/centos-announce/2011-March/079419.html

Affected packages:
libtiff
libtiff-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0318
