ALSA-2022:8194

[ALSA-2022:8194] Moderate: libtiff security update

Type:

security

Severity:

moderate

Release date:

2022-11-18

Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: Denial of Service via crafted TIFF file (CVE-2022-0561)
* libtiff: Null source pointer lead to Denial of Service via crafted TIFF file (CVE-2022-0562)
* libtiff: reachable assertion (CVE-2022-0865)
* libtiff: Out-of-bounds Read error in tiffcp (CVE-2022-0924)
* libtiff: stack-buffer-overflow in tiffcp.c in main() (CVE-2022-1355)
* libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c (CVE-2022-22844)
* libtiff: heap buffer overflow in extractImageSection (CVE-2022-0891)
* tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c (CVE-2022-0908)
* tiff: Divide By Zero error in tiffcrop (CVE-2022-0909)
* libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c (CVE-2022-1354)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libtiff-tools-4.4.0-2.el9.aarch64.rpm	1456434f7778d5d204c0c47f728f3e5078184488e837283ff60f427b38a80e37
aarch64	libtiff-devel-4.4.0-2.el9.aarch64.rpm	bb550f6578f822fa37f06d2aace4116102b08201f06f41caa9117b611d657b56
aarch64	libtiff-4.4.0-2.el9.aarch64.rpm	e549d8dba7d2422dfe7aa43caa33f3c35c0f57cb607c902d156b08973d7bbba8
i686	libtiff-4.4.0-2.el9.i686.rpm	73edb77eac7e0cd7b17ef7391d71830f3626fe46b45d6e80dd523bac0d5c1214
i686	libtiff-devel-4.4.0-2.el9.i686.rpm	cd4bc038da6d3d148844eb2d3f7eb43eb11a82fb77a310281660c5817311a502
ppc64le	libtiff-tools-4.4.0-2.el9.ppc64le.rpm	625af6cff44feb1f35c2bd16228c4880dc92a87940e8c28d47a0722bee8f3b0b
ppc64le	libtiff-devel-4.4.0-2.el9.ppc64le.rpm	778935ce20a110a5edf14c4baa66edb31c63cb02f33c1590e9a18b69839e5f2f
ppc64le	libtiff-4.4.0-2.el9.ppc64le.rpm	9715a3d18108e928578c8dac09502c0d6f30e306875f6769770590cf46c7bb7f
s390x	libtiff-tools-4.4.0-2.el9.s390x.rpm	0da0c47e9c61c8184b2b50d30593441ed8f22e6b5b1aea7a3a18a0aca46a7e2c
s390x	libtiff-devel-4.4.0-2.el9.s390x.rpm	6627af8ca3ef07089fa351246a3d244befc50cf1d028a311f012a44df5835020
s390x	libtiff-4.4.0-2.el9.s390x.rpm	7ffb35ce1cd24fe37f5d34f752d7b5791291a0277b659e88f634bbcda623e579
x86_64	libtiff-tools-4.4.0-2.el9.x86_64.rpm	27dd7628ffa2b60d97f526b0c16027e2f2b76b638c8cad04fd53e59580b49066
x86_64	libtiff-devel-4.4.0-2.el9.x86_64.rpm	27ffcbb49538d7b859fe61d7c0018c6f39892abcb5053aa0e4a5c501a6ec03f6
x86_64	libtiff-4.4.0-2.el9.x86_64.rpm	bb61a3b295aaff840a6d6ecfc2c34c60d1debcb3c14ab4ae44bc75b444ae99c8

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.