Updated libtiff packages that fix a security issue and a bug are now
available for Red Hat Enterprise Linux 5.
Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Updated libtiff packages that fix various security issues and a bug are now
available for Red Hat Enterprise Linux 4.
A buffer overflow flaw was discovered in the tiff2pdf conversion program
distributed with libtiff. An attacker could create a TIFF file containing
UTF-8 characters that would, when converted to PDF format, cause tiff2pdf
to crash, or, possibly, execute arbitrary code.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Updated libtiff packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1 and 3.Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. This update has been rated as having important security impact by the Red
Hat Security Response Team.
Updated openoffice.org packages that fix a security issue are now available
for Red Hat Enterprise Linux 5. A numeric truncation error was found in the OpenOffice.org memory
allocator. If a carefully crafted file was opened by a victim, an attacker
could use this flaw to crash OpenOffice.org or, possibly, execute arbitrary
code. This update has been rated as having important security impact by the Red
Hat Security Response Team.
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5. A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
An updated ipsec-tools package that fixes two security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5. Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume
all available memory.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise MRG 1.0.
The possibility of a timeout value overflow was found in the Linux kernel
high-resolution timers functionality, hrtimer. This could allow a local
unprivileged user to execute arbitrary code, or cause a denial of service
(kernel panic).
This update has been rated as having important security impact by the Red
Hat Security Response Team.
To browse through our weekly Linux Advisory Watch newsletters,