ALSA-2022:7585

[ALSA-2022:7585] Moderate: libtiff security update

Type:

security

Severity:

moderate

Release date:

2022-11-14

Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: Denial of Service via crafted TIFF file (CVE-2022-0561)
* libtiff: Null source pointer lead to Denial of Service via crafted TIFF file (CVE-2022-0562)
* libtiff: reachable assertion (CVE-2022-0865)
* libtiff: Out-of-bounds Read error in tiffcp (CVE-2022-0924)
* libtiff: stack-buffer-overflow in tiffcp.c in main() (CVE-2022-1355)
* libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c (CVE-2022-22844)
* libtiff: heap buffer overflow in extractImageSection (CVE-2022-0891)
* tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c (CVE-2022-0908)
* tiff: Divide By Zero error in tiffcrop (CVE-2022-0909)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libtiff-4.0.9-23.el8.aarch64.rpm	132e4eeedb6e4e3f021a71e782b3c5233ec4f98ec123855c8877411298b0ec34
aarch64	libtiff-tools-4.0.9-23.el8.aarch64.rpm	1521b140f3a590bf95ddfb0f3f89dace386a9f3ee57d219671fa3d7fc419f415
aarch64	libtiff-devel-4.0.9-23.el8.aarch64.rpm	f9268f7b1ece4d41d1f4fcac6d763242d473f9266d15850b1063e28deb75b519
i686	libtiff-devel-4.0.9-23.el8.i686.rpm	00ca87da82cd109a83469f42d8a41714e79aa5ce231639f59317a6873e7e3c02
i686	libtiff-4.0.9-23.el8.i686.rpm	d49f64b52af441a6c65bb78046df3542ed6f77507fbcdb510267a73ef0663b1e
ppc64le	libtiff-4.0.9-23.el8.ppc64le.rpm	4983b43939dde8a1425a75009b2abf9141605223021ae05b9d3ed2685339e2c3
ppc64le	libtiff-devel-4.0.9-23.el8.ppc64le.rpm	657cd1e58bf601eb0a6eea7e5bc1ee80609e8e2ed2f0d9c14e9bd378febaabe4
ppc64le	libtiff-tools-4.0.9-23.el8.ppc64le.rpm	8efcbaae6b1269a72651a5bed5cc4f36e75b6eaeae9fb711584233420cab03cf
s390x	libtiff-4.0.9-23.el8.s390x.rpm	10286efe88b206eb871008f9bd904ac8ea3119e386748ae1ecaf5db273d91e7c
s390x	libtiff-devel-4.0.9-23.el8.s390x.rpm	2feef590fccb0c2bc88ee556507938e194580b785cfca2439c0c43272794d659
s390x	libtiff-tools-4.0.9-23.el8.s390x.rpm	8391ea7ea01b560518327f247351ee9316c98e738b3f025edd3259862e7bbacb
x86_64	libtiff-4.0.9-23.el8.x86_64.rpm	902ff0c74ea72651bd0682fb317448e4c85c3387970836ef11ed1ab0e30b7f5a
x86_64	libtiff-tools-4.0.9-23.el8.x86_64.rpm	f4cd100292617ac1569d1b2bb9f6d4de4f0f47d6bf8fd5e9c98df9b24eac8af9
x86_64	libtiff-devel-4.0.9-23.el8.x86_64.rpm	fe03c365847e859303556569a0c7f80fe3b04eec4c2ee9509278b879001b9cef

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.