Описание
ELSA-2008-0847: libtiff security and bug fix update (IMPORTANT)
[3.8.2-7.el5.2]
- Use -fno-strict-aliasing per rpmdiff recommendation
[3.8.2-7.el5.1]
- Fix LZW decoding vulnerabilities (CVE-2008-2327) Resolves: #458812
- Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don't ship Resolves: #460120
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
libtiff
3.8.2-7.el5_2.2
libtiff-devel
3.8.2-7.el5_2.2
Oracle Linux i386
libtiff
3.8.2-7.el5_2.2
libtiff-devel
3.8.2-7.el5_2.2
Связанные CVE
Связанные уязвимости
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.