During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. teTeX contains an internal copy of libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0886 and CAN-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. teTeX contains an internal copy of libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0803 to this issue. These issues also affect RHEL2.1 The ideal fix for these issues will be to have teTeX use the system libtiff rather than it's internal version.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-354.html