[ALSA-2023:3711] Moderate: libtiff security update
Type:
security
Severity:
moderate
Release date:
2023-06-23
Description:
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c (CVE-2022-48281)
* libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0795)
* libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0796)
* libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (CVE-2023-0797)
* libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c (CVE-2023-0798)
* libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0799)
* libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0800)
* libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (CVE-2023-0801)
* libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0802)
* libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0803)
* libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0804)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 libtiff-tools-4.4.0-8.el9_2.aarch64.rpm 03bd37b719d0026f2a029fcd9a9513ec64c952de857160d394b2193cc17d2c10
aarch64 libtiff-4.4.0-8.el9_2.aarch64.rpm 5dc28f66b87b592c78a0d4d6a45ac927ec69de8a48d5c1b27e9d7c36f1aaa69c
aarch64 libtiff-devel-4.4.0-8.el9_2.aarch64.rpm 8d355f28687830212440ce530ba935c2759c7b5581b9f4b93a0034c7188be733
i686 libtiff-4.4.0-8.el9_2.i686.rpm 0944a63bcf08ca8b7e7af8264a53769d53e3b04068c5ac9d78665f545cde443d
i686 libtiff-devel-4.4.0-8.el9_2.i686.rpm 10a8407cc64b34eb6009fd8bd93718a12f844a68bdbc7968fc0bb4dd6c705482
ppc64le libtiff-4.4.0-8.el9_2.ppc64le.rpm 7421ba546b3cc62c68b3c5bf1926ff85a85f224b7a977d10284a783cf6e41f0f
ppc64le libtiff-devel-4.4.0-8.el9_2.ppc64le.rpm 78deda6165e47b5e7128a79a9763ca4316bc8911d69e22c5c66eda802fcf6502
ppc64le libtiff-tools-4.4.0-8.el9_2.ppc64le.rpm d46947ced82741ee8f5d4ee9afd16bfe8969b3301b1bbeded42aebde62a5e258
s390x libtiff-tools-4.4.0-8.el9_2.s390x.rpm 3e67fa4aac3d27cd0a0081f6e4238da26ea15a5b2e055bef8e23cf0951b4ac43
s390x libtiff-devel-4.4.0-8.el9_2.s390x.rpm a91120978a4281883bc7051850da777b94093ddeab7062aa54246c2095f62273
s390x libtiff-4.4.0-8.el9_2.s390x.rpm eb0b491cb603deb7ccc0136c77d5b46e26c8c982a73be07d367e65d8b3bbe440
x86_64 libtiff-devel-4.4.0-8.el9_2.x86_64.rpm 14d571b910b87876f9476fe6ffa9711afd5a71cdb3e3c5528be1e780520a28e6
x86_64 libtiff-4.4.0-8.el9_2.x86_64.rpm 1bf3471710b1b89b2a1b468b0ea4656fd3ee1276aea72cee1ddb676e986d08ae
x86_64 libtiff-tools-4.4.0-8.el9_2.x86_64.rpm 9c837eef2d8c3b570c870b574fe1c694791c0eb46bc306ba1f13e03263ed3c95
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.