[SECURITY] Fedora Core 5 Update: libtiff-3.7.4-8

Matthias Clasen mclasen at redhat.com
Wed Aug 2 15:11:39 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-877
2006-08-02
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : libtiff
Version     : 3.7.4
Release     : 8
Summary     : Library of functions for manipulating TIFF format image files
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files.  TIFF is a widely
used file format for bitmapped images.  TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

---------------------------------------------------------------------
Update Information:

The libtiff package contains a library of functions for
manipulating TIFF (Tagged Image File Format) files.

Tavis Ormandy of Google discovered a number of flaws in
libtiff during a security audit. An attacker could create a
carefully crafted TIFF file in such a way that it was
possible to cause an application linked with libtiff to
crash or possibly execute arbitrary code. (CVE-2006-3459,
CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463,
CVE-2006-3464, CVE-2006-3465)

All users are advised to upgrade to these updated packages,
which contain backported fixes for these issues. 
---------------------------------------------------------------------
* Mon Jul 24 2006 Matthias Clasen <mclasen at redhat.com>
- Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461
  CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

08e4a9a8f1d7e2eaf8dbe3ffcce73e34e3192205  SRPMS/libtiff-3.7.4-8.src.rpm
08e4a9a8f1d7e2eaf8dbe3ffcce73e34e3192205  noarch/libtiff-3.7.4-8.src.rpm
60f1c0c5b77d3ddd84c89db1a8043e17e260a951  ppc/libtiff-devel-3.7.4-8.ppc.rpm
c2ccb1082dd9a15b1967a0e98958fa1a33d6b09e  ppc/debug/libtiff-debuginfo-3.7.4-8.ppc.rpm
76eac08c94eec6695b5c92977dd504f77cf33002  ppc/libtiff-3.7.4-8.ppc.rpm
a5c9b6ac949b5b3726d9644dbcdc53ed83d4d0e5  x86_64/libtiff-devel-3.7.4-8.x86_64.rpm
6e27e7836a2bf1461c75a3090b449e918a76a639  x86_64/libtiff-3.7.4-8.x86_64.rpm
6a59ff695e3ed94accdd4ad03499798c28ec593e  x86_64/debug/libtiff-debuginfo-3.7.4-8.x86_64.rpm
80cfbbf532055db6817364af7f6692a404441a9e  i386/libtiff-devel-3.7.4-8.i386.rpm
0603b7d203d07e534d0b6796a78d22a8fa95c5a6  i386/libtiff-3.7.4-8.i386.rpm
dd1ba7e95e0d90a103c7adffabe224dc006bf01d  i386/debug/libtiff-debuginfo-3.7.4-8.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------




More information about the package-announce mailing list