[ALSA-2023:0095] Moderate: libtiff security update
Type: security
Severity: moderate
Release date: 2023-03-13
Description:
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
* libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
* libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c (CVE-2022-2867)
* libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() (CVE-2022-2869)
* libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
* libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
* libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)
* libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (CVE-2022-2868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 libtiff-4.0.9-26.el8_7.aarch64.rpm 4eb4f4bd75288e88f5e04e91dabc0f00b68bde6fad8959e3b49c38f8e4857f8b
aarch64 libtiff-tools-4.0.9-26.el8_7.aarch64.rpm 6e6cce3d0900144e03f5428146bf9379535e97365294fd1f09c4afedbbc18a51
aarch64 libtiff-devel-4.0.9-26.el8_7.aarch64.rpm 98bf81e9d8a5e7e4e804a57986e1373989ee150aedc8dca7eabaa77651275c4e
i686 libtiff-devel-4.0.9-26.el8_7.i686.rpm 286a63fd88c81122cdf2e3fb893f3f4813e2d1e37290e81e0c5742bf23a8025e
i686 libtiff-4.0.9-26.el8_7.i686.rpm f86a88974bc3e3adad7074991da0ee674731545838f70ae330f23386cd649dda
ppc64le libtiff-4.0.9-26.el8_7.ppc64le.rpm 4701b4df8e3e346c33507e96ec68c3783785de7ecd1ad96d8cd68eceddf99b36
ppc64le libtiff-tools-4.0.9-26.el8_7.ppc64le.rpm 809804395ae993e9f67a359d8bef9f6a5028abddf49d4d098926aa1680c31c97
ppc64le libtiff-devel-4.0.9-26.el8_7.ppc64le.rpm b5997401df56ec8c7c3eb9c1c6d3075ccf6e3ba78215d4874b1eea46bdfc205e
s390x libtiff-tools-4.0.9-26.el8_7.s390x.rpm 52ad4ca7607541fa509736bf516757e874d192a6fc08f049d830a64ee3ee9af6
s390x libtiff-devel-4.0.9-26.el8_7.s390x.rpm 858a2e3ed32b5c000f66e591815995d670bb22bd0abf9c0e0febda9c552e3d3b
s390x libtiff-4.0.9-26.el8_7.s390x.rpm c6c88d0a5a25bb3e890cdda9f6c54d85f22ac75162aeea6f04bf8f49f122cf10
x86_64 libtiff-4.0.9-26.el8_7.x86_64.rpm 32898b924a9c105756b87d675d33a84a19611188790b50b51422f7f107376fad
x86_64 libtiff-tools-4.0.9-26.el8_7.x86_64.rpm 5b8f94e0153594c38be9aa3d74c2bb930f3e5e9314a44ae307d93d29d307caf3
x86_64 libtiff-devel-4.0.9-26.el8_7.x86_64.rpm a0acb43fc473b938a7c89ee342cc1585fe70f8cd07df1e649c72e00b165a8f32
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.