ALSA-2023:6575

[ALSA-2023:6575] Moderate: libtiff security update

Type:

security

Severity:

moderate

Release date:

2023-11-14

Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: null pointer dereference in LZWDecode() in libtiff/tif_lzw.c (CVE-2023-2731)
* libtiff: tiffcrop: null pointer dereference in TIFFClose() (CVE-2023-3316)
* libtiff: memory leak in tiffcrop.c (CVE-2023-3576)
* libtiff: heap-based use after free via a crafted TIFF image in loadImage() in tiffcrop.c (CVE-2023-26965)
* libtiff: Buffer Overflow in uv_encode() (CVE-2023-26966)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libtiff-4.4.0-10.el9.aarch64.rpm	38b2f52d9180e5f2966bf7766a0673ed16b141ae8c673a831fe805958c464579
aarch64	libtiff-tools-4.4.0-10.el9.aarch64.rpm	9f3994e38bd1cad1f8bcd9b55574014b8b68da27f1451f51a99dddd101b77241
aarch64	libtiff-devel-4.4.0-10.el9.aarch64.rpm	ed096a9ef0ccb916c7d0c62103557d730c2dfebf8af25bcbb0e381ef00c94460
i686	libtiff-devel-4.4.0-10.el9.i686.rpm	154c86411b9baa7bc6a7318c2046a93cb273e72b04b9abc1ed00366300fe58fe
i686	libtiff-4.4.0-10.el9.i686.rpm	6c2f2d72e298a686b8f1025b1f8c2c79ca8aaf30fca919b07a7f33acdfb318cf
ppc64le	libtiff-4.4.0-10.el9.ppc64le.rpm	165db794f0c07033f58bde4fd25726e3fa2c7f9f02938f6cffab0c7b1dc83313
ppc64le	libtiff-devel-4.4.0-10.el9.ppc64le.rpm	2bc003085bcfab656e5f110f1a822991bd74a1a1b5e58d5f3ec3d56c6cc019e9
ppc64le	libtiff-tools-4.4.0-10.el9.ppc64le.rpm	701e652e5726a0792870fe896c6f96c3dbcead4b49c150c3492d9f1e846980ec
s390x	libtiff-devel-4.4.0-10.el9.s390x.rpm	0e49b4a153be42a34b2f4ddb4a5c08f09b44d72f77cc335d024b225484d649c6
s390x	libtiff-4.4.0-10.el9.s390x.rpm	79e0ac0ed2c0bafeb955f97f8186aa681f4beb9c919897cbc28a7680084407fb
s390x	libtiff-tools-4.4.0-10.el9.s390x.rpm	aad426332f56b4bbe03da114aaf43eae2bcceff2fc50a4f5066156e980da1734
x86_64	libtiff-4.4.0-10.el9.x86_64.rpm	2896d3e8cab3609f2a982306c61665acc6b55d8dc8b34914358a07d08d946053
x86_64	libtiff-tools-4.4.0-10.el9.x86_64.rpm	d2fbbedd010390ebea64122194926858e263663a2722468796f890628c95788b
x86_64	libtiff-devel-4.4.0-10.el9.x86_64.rpm	d7b218db5589d1bce10cd8295a5683f3b39848b887390677fd751ba12a471039

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.