<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<tt>Oracle VM Security Advisory OVMSA-2009-0027<br>
<br>
The following updated rpms for Oracle VM 2.1 have been uploaded to the
Unbreakable Linux Network:<br>
<br>
i386:<br>
libtiff-3.8.2-7.el5_3.4.i386.rpm<br>
libtiff-devel-3.8.2-7.el5_3.4.i386.rpm<br>
<br>
<br>
SRPMS:<br>
<a class="moz-txt-link-freetext"
 href="http://oss.oracle.com/oraclevm/server/SRPMS-updates/libtiff-3.8.2-7.el5_3.4.src.rpm">http://oss.oracle.com/oraclevm/server/SRPMS-updates/libtiff-3.8.2-7.el5_3.4.src.rpm</a><br>
<br>
<br>
Description of changes:<br>
<br>
[3.8.2-7.el5.4]<br>
- Fix buffer overrun risks caused by unchecked integer overflow
(CVE-2009-2347)<br>
Resolves: #507725<br>
<br>
[3.8.2-7.el5.3]<br>
- Fix some more LZW decoding vulnerabilities (CVE-2009-2285)<br>
Resolves: #507725<br>
- Update upstream URL<br>
<br>
[3.8.2-7.el5.2]<br>
- Use -fno-strict-aliasing per rpmdiff recommendation<br>
<br>
[3.8.2-7.el5.1]<br>
- Fix LZW decoding vulnerabilities (CVE-2008-2327)<br>
Resolves: #458812<br>
- Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don't
ship<br>
Resolves: #460120</tt><br>
<br>
<div class="moz-signature"><!-- This signature was generated by the MyDesktop Oracle Business Signature utility version 3.5.7 -->
</div>
</body>
</html>