ALSA-2023:0302

[ALSA-2023:0302] Moderate: libtiff security update

Type:

security

Severity:

moderate

Release date:

2023-03-13

Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
* libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
* libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
* libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
* libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libtiff-devel-4.4.0-5.el9_1.aarch64.rpm	1d4ce129378bb45f836e3063578596eccf8420e33050e8e649efca16663dd5cd
aarch64	libtiff-4.4.0-5.el9_1.aarch64.rpm	98625e6eaafd31d57628601af91a13a021f697b9e390e4fc9c8a66d10f4b3f99
aarch64	libtiff-tools-4.4.0-5.el9_1.aarch64.rpm	b9e520a1d90d0a1f5f32092c5a2b1a52420d5e1e5c3841bd788f6cf40319cc7e
i686	libtiff-devel-4.4.0-5.el9_1.i686.rpm	8e44488ae758325317bcb86ea672cfcbe81a64bcacdd7acff09d3ebf6e940596
i686	libtiff-4.4.0-5.el9_1.i686.rpm	96fc910832e3a04088a1213e3695002881c906e8a58484906d13f199a621856f
ppc64le	libtiff-tools-4.4.0-5.el9_1.ppc64le.rpm	2a6eb9f59c0eaafdef2b37c769b51353de3e4f3906e3d04435450a345bbc4ffe
ppc64le	libtiff-4.4.0-5.el9_1.ppc64le.rpm	2aef83c8945caecad5c04b930b325ade1af79c732b4bed93d878e1292706672b
ppc64le	libtiff-devel-4.4.0-5.el9_1.ppc64le.rpm	7a05b7b712ba7a6e88ad9cfbb31703830bc93dedaa39dbaf252ae133c3f62bff
s390x	libtiff-4.4.0-5.el9_1.s390x.rpm	c39e07d5bd978b073b5e0b814f4b1a5f1d11f542fb4947421581aff96df50b4c
s390x	libtiff-tools-4.4.0-5.el9_1.s390x.rpm	d3026e526a0afcf1c5291c20a4de6b1b176913b8a7cccfa0a205a1c9a3ad02d9
s390x	libtiff-devel-4.4.0-5.el9_1.s390x.rpm	e4ee1fffb695774e39ffbbed996c36e274c2be3e1df6d0ea0468163ad119c916
x86_64	libtiff-devel-4.4.0-5.el9_1.x86_64.rpm	a05a597f9a37c4d21bd6857d6c28fdccd2b5f7cccc08d5dcc1d64429f0879857
x86_64	libtiff-4.4.0-5.el9_1.x86_64.rpm	f07d90a02b459415757015fa2cc985c50132b4058555379f70dcc533ce6ef27a
x86_64	libtiff-tools-4.4.0-5.el9_1.x86_64.rpm	f3d5c153243cc2cce4d45acc7c98215ca9c39685bf9f1368545ab1b3bb75c854

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.