ALSA-2024:5079

[ALSA-2024:5079] Moderate: libtiff security update

Type:

security

Severity:

moderate

Release date:

2024-08-08

Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c (CVE-2018-15209)
* libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c (CVE-2023-25433)
* libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c (CVE-2023-6228)
* libtiff: Segment fault in libtiff  in TIFFReadRGBATileExt() leading to denial of service (CVE-2023-52356)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libtiff-4.0.9-32.el8_10.aarch64.rpm	6fa455df5b3bf1f092cdf4aefd052fa567b3734b83e58a11257732ad93dcefd7
aarch64	libtiff-tools-4.0.9-32.el8_10.aarch64.rpm	c695837399047fcb79ec764f898b0f30baa5a1302857b85021d03ab5f1fce3ec
aarch64	libtiff-devel-4.0.9-32.el8_10.aarch64.rpm	c87b2179aa2eb27ee6a138daad635b5e437dc2780a02c0287b1941f0a7b4cda2
i686	libtiff-devel-4.0.9-32.el8_10.i686.rpm	3f2d88d3dbf7e3730946cda630da2f61a943810960a49187f892b633749620fb
i686	libtiff-4.0.9-32.el8_10.i686.rpm	d4cb97f9b6480e2e154a640684f4503b3729e5de761a8ee81f45ef469bea9fdc
ppc64le	libtiff-4.0.9-32.el8_10.ppc64le.rpm	1275003e9cf355c4fd727c1ee729295cc79d109cb9ad712012c8e221d58e3717
ppc64le	libtiff-tools-4.0.9-32.el8_10.ppc64le.rpm	52b09bb7529a896b35782d8ba75fd32bf4f40e4e5dbbe5e0d6113a5135c7844d
ppc64le	libtiff-devel-4.0.9-32.el8_10.ppc64le.rpm	5d0c2c952bd7bc533f35a4586cda7b90c8f6a4e06738834a0dfaefda856f1c80
s390x	libtiff-4.0.9-32.el8_10.s390x.rpm	4ad0ada3a26d00e5237c6f958aadbe786ae36499dabbe6f2eb97642b04fa4ee6
s390x	libtiff-tools-4.0.9-32.el8_10.s390x.rpm	9a8cfa3fe4772252313bc0d2d2c172482050483b860bf1b8d514c95f880b8c9b
s390x	libtiff-devel-4.0.9-32.el8_10.s390x.rpm	d2968bd1ecaaf326c73dc2b5eb075d55c5efe256626427370de4cca3b42746c8
x86_64	libtiff-devel-4.0.9-32.el8_10.x86_64.rpm	58f7b423c4b723bc2aa1d101e0597eb8b03bec2c1073159f025f726d7320104f
x86_64	libtiff-tools-4.0.9-32.el8_10.x86_64.rpm	e4878432f0d40bf78c6d95acd3e39e00c0f290c753335a19f0e2d37776f038a1
x86_64	libtiff-4.0.9-32.el8_10.x86_64.rpm	e86813b4730bc7d01049f4dc9cd816d39219b08213f94c0616f6c467f0e389d4

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.