ALSA-2024:2289

[ALSA-2024:2289] Moderate: libtiff security update

Type:

security

Severity:

moderate

Release date:

2024-05-07

Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: infinite loop via a crafted TIFF file (CVE-2022-40090)
* libtiff: segmentation fault in Fax3Encode in libtiff/tif_fax3.c (CVE-2023-3618)
* libtiff: integer overflow in tiffcp.c (CVE-2023-40745)
* libtiff: potential integer overflow in raw2tiff.c (CVE-2023-41175)
* libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c (CVE-2023-6228)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libtiff-4.4.0-12.el9.aarch64.rpm	2d1e04db9eaee4bfb58b48635b5e9ece4e6d0c77b25e759ce31472c1c63bd434
aarch64	libtiff-devel-4.4.0-12.el9.aarch64.rpm	adb20ff835702c0170e7265b65a3add13ab6c048434709adde7b2df6d9873c11
aarch64	libtiff-tools-4.4.0-12.el9.aarch64.rpm	ea2e9ca05c42e22560ac12a7caa9259f421a418574d4e9c6ccae54b194434252
i686	libtiff-4.4.0-12.el9.i686.rpm	64f39e556b634af0732928cbbf5d6bc98c68348889b792c1973be26385bc6cda
i686	libtiff-devel-4.4.0-12.el9.i686.rpm	d81b923babb293c1da7d83a13f4baf951555aacfacf795aac30d5c43f4490c90
ppc64le	libtiff-devel-4.4.0-12.el9.ppc64le.rpm	26c00046ed729cfb690e2eacae91fc411f9222e8c25ac48ee652fd73cdd966c2
ppc64le	libtiff-4.4.0-12.el9.ppc64le.rpm	6eb0031ab513ee2f34e77d0a140052ad5027966999701ccb2e3303451cbbadf3
ppc64le	libtiff-tools-4.4.0-12.el9.ppc64le.rpm	d2fef8a65b7b42bbfdb7ddf5e5da06ee9d15bbfff2bed16255785f623c4337bf
s390x	libtiff-devel-4.4.0-12.el9.s390x.rpm	062cbd864cef9021e9a2c706a4ab4cc32e7bd025d291031a497589da9f64596c
s390x	libtiff-tools-4.4.0-12.el9.s390x.rpm	3460f4be1c2bf1096dd75ab21d7ef2d158e9198481a15ea7eca2d5f3aa3adb7d
s390x	libtiff-4.4.0-12.el9.s390x.rpm	4ffb9a2dee15cf0e01150fec685200f1072ad120d8b6f66b208c95138067c229
x86_64	libtiff-devel-4.4.0-12.el9.x86_64.rpm	0db3ca28e241573b47c786aed25116f6bd0161ec74230bdc9e5a02afd9fa252d
x86_64	libtiff-4.4.0-12.el9.x86_64.rpm	81099cbdbfaa63a87097a1c4303b7498bb64424d46a87b6dd4971b427da154ef
x86_64	libtiff-tools-4.4.0-12.el9.x86_64.rpm	f11d6038e4780fc2e19b4e7f6868f36273cef7b76806c1638fabe0ac08edf2b9

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.