__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN libtiff Security Update [RHSA-2006:0425-5] May 9, 2006 18:00 GMT Number Q-191 [REVISED 30 May 2006] ______________________________________________________________________________ PROBLEM: An integer overflow and several denial of service flaws were discovered in libtiff. PLATFORM: Red Hat Desktop (v. 3, v.4) Red Hat Enterprise Linux AS (v. 2.1, v. 3, v. 4) Red Hat Enterprise Linux ES (v. 2.1, v. 3, v. 4) Red Hat Enterprise Linux WS (v. 2.1, v. 3, v. 4) Debian GNU/Linux 3.1 alias sarge DAMAGE: An attacker could cause an application linked with libtiff to crash or possibly execute arbitrary code. SOLUTION: Apply current patches. ______________________________________________________________________________ VULNERABILITY The risk is LOW - An attacker could cause an application linked ASSESSMENT: with libtiff to crash or possibly execute arbitrary code. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/q-191.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2006-0425.html ADDITIONAL LINK: Debian Security Advisory DSA-1078-1 http://www.debian.org/security/2006/dsa-1078 CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120 ______________________________________________________________________________ REVISION HISTORY: 05/30/2006 - added a link to Debian Security Advisory DSA-1078-1 for Debian GNU/Linux 3.1 alias sarge. [***** Start RHSA-2006:0425-5 *****] Important: libtiff security update Advisory: RHSA-2006:0425-5 Type: Security Advisory Issued on: 2006-05-09 Last updated on: 2006-05-09 Affected Products: Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor CVEs (cve.mitre.org): CVE-2006-2024 CVE-2006-2025 CVE-2006-2026 CVE-2006-2120 Details Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. Solution Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Updated packages Red Hat Desktop (v. 3) -------------------------------------------------------------------------------- SRPMS: libtiff-3.5.7-25.el3.1.src.rpm 1490807b5d6fbda4ee076ea8f5680fee IA-32: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-devel-3.5.7-25.el3.1.i386.rpm cfaef3999623396ab3024ebe7e38335b x86_64: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.x86_64.rpm 7f9c8bb211fbdb36a0d45f80b4ba3a91 libtiff-devel-3.5.7-25.el3.1.x86_64.rpm 26133072ae5ea80696b2fdf5241c3d99 Red Hat Desktop (v. 4) -------------------------------------------------------------------------------- SRPMS: libtiff-3.6.1-10.src.rpm f187e5faa4a9e9217decb8226ab1f320 IA-32: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-devel-3.6.1-10.i386.rpm 65b8fe42255d336352887a472a5fb029 x86_64: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.x86_64.rpm e390b83c9f71ffedab52f7e53fe09827 libtiff-devel-3.6.1-10.x86_64.rpm 562f7e95d243e4d69cbe123eb14bf947 Red Hat Enterprise Linux AS (v. 2.1) -------------------------------------------------------------------------------- SRPMS: libtiff-3.5.7-30.el2.1.src.rpm 87e92d44fcc7ce77758132833ad900cb IA-32: libtiff-3.5.7-30.el2.1.i386.rpm f551309d6c28a7116a54634908d57f9d libtiff-devel-3.5.7-30.el2.1.i386.rpm 64aa285808fcd3e1d5e52e9c9c84e712 IA-64: libtiff-3.5.7-30.el2.1.ia64.rpm 9274af2e436ec05555f326fc02293756 libtiff-devel-3.5.7-30.el2.1.ia64.rpm 93f02f4b82ab1e9a7d1e088cefc6bf82 Red Hat Enterprise Linux AS (v. 3) -------------------------------------------------------------------------------- SRPMS: libtiff-3.5.7-25.el3.1.src.rpm 1490807b5d6fbda4ee076ea8f5680fee IA-32: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-devel-3.5.7-25.el3.1.i386.rpm cfaef3999623396ab3024ebe7e38335b IA-64: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.ia64.rpm dcd1eae2ccb0544c5c63643ef51be812 libtiff-devel-3.5.7-25.el3.1.ia64.rpm 091a246db5120a322b0bf562d0b44142 PPC: libtiff-3.5.7-25.el3.1.ppc.rpm 08d9bfb07060faabdc1eaf9f85557fd9 libtiff-3.5.7-25.el3.1.ppc64.rpm 9b6467e3e2ccc62833c17c103e94b3c9 libtiff-devel-3.5.7-25.el3.1.ppc.rpm e0b1e68eb2f3cf750ac5d690705735ea s390: libtiff-3.5.7-25.el3.1.s390.rpm b0c32ff31e6d57030137ceea7d62eb6b libtiff-devel-3.5.7-25.el3.1.s390.rpm 268f9aceccf4f4436f5b84253abbf340 s390x: libtiff-3.5.7-25.el3.1.s390.rpm b0c32ff31e6d57030137ceea7d62eb6b libtiff-3.5.7-25.el3.1.s390x.rpm 108dbc6bc9a7c923ec735c64bc52ec71 libtiff-devel-3.5.7-25.el3.1.s390x.rpm a35d361c5b96ecb2fd13d0455294d18a x86_64: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.x86_64.rpm 7f9c8bb211fbdb36a0d45f80b4ba3a91 libtiff-devel-3.5.7-25.el3.1.x86_64.rpm 26133072ae5ea80696b2fdf5241c3d99 Red Hat Enterprise Linux AS (v. 4) -------------------------------------------------------------------------------- SRPMS: libtiff-3.6.1-10.src.rpm f187e5faa4a9e9217decb8226ab1f320 IA-32: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-devel-3.6.1-10.i386.rpm 65b8fe42255d336352887a472a5fb029 IA-64: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.ia64.rpm 7c3512460660ced6b5c37cc824bf4f8c libtiff-devel-3.6.1-10.ia64.rpm fe810c4f0117fff2a78dd12102e0fc5f PPC: libtiff-3.6.1-10.ppc.rpm 689acd25b3a5e061cfeba66ec7e4bb6b libtiff-3.6.1-10.ppc64.rpm 832b748b65e89e395e67a371a4853190 libtiff-devel-3.6.1-10.ppc.rpm 11f03497cc931183e82b9ad134e6014d s390: libtiff-3.6.1-10.s390.rpm e673fb7053252c168b2b107181c466c8 libtiff-devel-3.6.1-10.s390.rpm 2df1d55c020d38bbd9c7ffbbf5673404 s390x: libtiff-3.6.1-10.s390.rpm e673fb7053252c168b2b107181c466c8 libtiff-3.6.1-10.s390x.rpm 241d95f0cdb88ef26399bc7e6d5af764 libtiff-devel-3.6.1-10.s390x.rpm 03901241d37afb1c38835838076b34c1 x86_64: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.x86_64.rpm e390b83c9f71ffedab52f7e53fe09827 libtiff-devel-3.6.1-10.x86_64.rpm 562f7e95d243e4d69cbe123eb14bf947 Red Hat Enterprise Linux ES (v. 2.1) -------------------------------------------------------------------------------- SRPMS: libtiff-3.5.7-30.el2.1.src.rpm 87e92d44fcc7ce77758132833ad900cb IA-32: libtiff-3.5.7-30.el2.1.i386.rpm f551309d6c28a7116a54634908d57f9d libtiff-devel-3.5.7-30.el2.1.i386.rpm 64aa285808fcd3e1d5e52e9c9c84e712 Red Hat Enterprise Linux ES (v. 3) -------------------------------------------------------------------------------- SRPMS: libtiff-3.5.7-25.el3.1.src.rpm 1490807b5d6fbda4ee076ea8f5680fee IA-32: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-devel-3.5.7-25.el3.1.i386.rpm cfaef3999623396ab3024ebe7e38335b IA-64: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.ia64.rpm dcd1eae2ccb0544c5c63643ef51be812 libtiff-devel-3.5.7-25.el3.1.ia64.rpm 091a246db5120a322b0bf562d0b44142 x86_64: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.x86_64.rpm 7f9c8bb211fbdb36a0d45f80b4ba3a91 libtiff-devel-3.5.7-25.el3.1.x86_64.rpm 26133072ae5ea80696b2fdf5241c3d99 Red Hat Enterprise Linux ES (v. 4) -------------------------------------------------------------------------------- SRPMS: libtiff-3.6.1-10.src.rpm f187e5faa4a9e9217decb8226ab1f320 IA-32: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-devel-3.6.1-10.i386.rpm 65b8fe42255d336352887a472a5fb029 IA-64: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.ia64.rpm 7c3512460660ced6b5c37cc824bf4f8c libtiff-devel-3.6.1-10.ia64.rpm fe810c4f0117fff2a78dd12102e0fc5f x86_64: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.x86_64.rpm e390b83c9f71ffedab52f7e53fe09827 libtiff-devel-3.6.1-10.x86_64.rpm 562f7e95d243e4d69cbe123eb14bf947 Red Hat Enterprise Linux WS (v. 2.1) -------------------------------------------------------------------------------- SRPMS: libtiff-3.5.7-30.el2.1.src.rpm 87e92d44fcc7ce77758132833ad900cb IA-32: libtiff-3.5.7-30.el2.1.i386.rpm f551309d6c28a7116a54634908d57f9d libtiff-devel-3.5.7-30.el2.1.i386.rpm 64aa285808fcd3e1d5e52e9c9c84e712 Red Hat Enterprise Linux WS (v. 3) -------------------------------------------------------------------------------- SRPMS: libtiff-3.5.7-25.el3.1.src.rpm 1490807b5d6fbda4ee076ea8f5680fee IA-32: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-devel-3.5.7-25.el3.1.i386.rpm cfaef3999623396ab3024ebe7e38335b IA-64: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.ia64.rpm dcd1eae2ccb0544c5c63643ef51be812 libtiff-devel-3.5.7-25.el3.1.ia64.rpm 091a246db5120a322b0bf562d0b44142 x86_64: libtiff-3.5.7-25.el3.1.i386.rpm 24db138a653e9c931fab2f6e78450c6f libtiff-3.5.7-25.el3.1.x86_64.rpm 7f9c8bb211fbdb36a0d45f80b4ba3a91 libtiff-devel-3.5.7-25.el3.1.x86_64.rpm 26133072ae5ea80696b2fdf5241c3d99 Red Hat Enterprise Linux WS (v. 4) -------------------------------------------------------------------------------- SRPMS: libtiff-3.6.1-10.src.rpm f187e5faa4a9e9217decb8226ab1f320 IA-32: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-devel-3.6.1-10.i386.rpm 65b8fe42255d336352887a472a5fb029 IA-64: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.ia64.rpm 7c3512460660ced6b5c37cc824bf4f8c libtiff-devel-3.6.1-10.ia64.rpm fe810c4f0117fff2a78dd12102e0fc5f x86_64: libtiff-3.6.1-10.i386.rpm 7ed5bd7e2376a403e733737ca8f258ab libtiff-3.6.1-10.x86_64.rpm e390b83c9f71ffedab52f7e53fe09827 libtiff-devel-3.6.1-10.x86_64.rpm 562f7e95d243e4d69cbe123eb14bf947 Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor -------------------------------------------------------------------------------- SRPMS: libtiff-3.5.7-30.el2.1.src.rpm 87e92d44fcc7ce77758132833ad900cb IA-64: libtiff-3.5.7-30.el2.1.ia64.rpm 9274af2e436ec05555f326fc02293756 libtiff-devel-3.5.7-30.el2.1.ia64.rpm 93f02f4b82ab1e9a7d1e088cefc6bf82 (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 189933 - CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026) 189974 - CVE-2006-2120 libtiff DoS References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2120 http://www.redhat.com/security/updates/classification/#important -------------------------------------------------------------------------------- These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/ [***** End RHSA-2006:0425-5 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) Q-181: J2SE 5.0 Release 4 Q-182: Thunderbird Security Update Q-183: gdm Q-184: Privileged Applications Linked to libpkcs11(eLIB) Which Obtain Password Entities Using getpwnam(3C) Q-185: Open VPN Q-186: Scan Engine Multiple Vulnerabilities Q-187: Cisco Unity Express Q-188: Vulnerabilities in Ethereal Q-189: xorg-x11 Security Update Q-190: cgiirc -- Buffer Overflows