
A libtiff security update has been released for AlmaLinux 9.



ALSA-2023:3711 Moderate: libtiff security update


Type: security
Severity: moderate
Release date: 2023-06-23

Description
Security Fix(es):
* libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c (CVE-2022-48281)
* libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0795)
* libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0796)
* libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (CVE-2023-0797)
* libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c (CVE-2023-0798)
* libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0799)
* libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0800)
* libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (CVE-2023-0801)
* libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0802)
* libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0803)
* libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0804)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2022-48281
CVE-2023-0795
CVE-2023-0796
CVE-2023-0797
CVE-2023-0798
CVE-2023-0799
CVE-2023-0800
CVE-2023-0801
CVE-2023-0802
CVE-2023-0803
CVE-2023-0804
RHSA-2023:3711
ALSA-2023:3711

Updated packages:
libtiff-tools-4.4.0-8.el9_2.aarch64.rpm
libtiff-4.4.0-8.el9_2.i686.rpm
libtiff-devel-4.4.0-8.el9_2.i686.rpm
libtiff-devel-4.4.0-8.el9_2.x86_64.rpm
libtiff-4.4.0-8.el9_2.x86_64.rpm
libtiff-tools-4.4.0-8.el9_2.s390x.rpm
libtiff-4.4.0-8.el9_2.aarch64.rpm
libtiff-4.4.0-8.el9_2.ppc64le.rpm
libtiff-devel-4.4.0-8.el9_2.ppc64le.rpm
libtiff-devel-4.4.0-8.el9_2.aarch64.rpm
libtiff-tools-4.4.0-8.el9_2.x86_64.rpm
libtiff-devel-4.4.0-8.el9_2.s390x.rpm
libtiff-tools-4.4.0-8.el9_2.ppc64le.rpm
libtiff-4.4.0-8.el9_2.s390x.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
