CentOS Update For Libtiff CESA-2008:0863 Centos3 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code. (CVE-2008-2327) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue. All libtiff users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.

Affected

libtiff on CentOS 3

References

http://lists.centos.org/pipermail/centos-announce/2008-August/015220.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2327

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1339 (rgmanager)
CentOS Security Advisory CESA-2009:1455 (kernel)
CentOS Security Advisory CESA-2009:0308 (cups)
CentOS Security Advisory CESA-2009:0341 (curl)
CentOS Security Advisory CESA-2009:1180 (bind)

CentOS Update for libtiff CESA-2008:0863 centos3 i386

Take action and discover your vulnerabilities