New Search

RHSA-2008:0847 -- libtiff security and bug fix update (Important)

oval:org.mitre.oval:def:28973

Updated libtiff packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2008-2327)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class:
patch
Reference(s):
  • RHSA-2008:0847
  • CESA-2008:0847-CentOS 5
  • CVE-2008-2327
Product(s):
  • libtiff