Scientific Linux Security Update : libtiff on SL4.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

A heap-based buffer overflow flaw was found in the way libtiff
processed certain TIFF files encoded with a 4-bit run-length encoding
scheme from ThunderScan. An attacker could use this flaw to create a
specially crafted TIFF file that, when opened, would cause an
application linked against libtiff to crash or, possibly, execute
arbitrary code. (CVE-2011-1167)

This update also fixes the following bug :

- A prior libtiff update introduced a regression that
prevented certain TIFF Internet Fax image files,
compressed with the CCITT Group 4 compression algorithm,
from being read. (BZ#688825)

See also :

http://www.nessus.org/u?e21321d1
https://bugzilla.redhat.com/show_bug.cgi?id=688825

Solution :

Update the affected libtiff and / or libtiff-devel packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60999 ()

Bugtraq ID:

CVE ID: CVE-2011-1167