Lucene search

Rockylinux Product ErrataRLSA-2023:0095

HistoryJan 12, 2023 - 8:25 a.m.

libtiff security update

2023-01-1208:25:25

Rockylinux Product Errata

errata.rockylinux.org

libtiff

security update

rocky linux 8

dos

cve-2022-2056

cve-2022-2057

cve-2022-2058

cve-2022-2519

cve-2022-2867

cve-2022-2869

cve-2022-2953

cve-2022-2520

cve-2022-2521

cve-2022-2868

cvss

tiff files

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.0%

JSON

An update is available for libtiff.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c (CVE-2022-2867)
libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() (CVE-2022-2869)
libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)
libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (CVE-2022-2868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky8i686libtiff< 4.0.9-26.el8_7libtiff-0:4.0.9-26.el8_7.i686.rpm
rocky8x86_64libtiff< 4.0.9-26.el8_7libtiff-0:4.0.9-26.el8_7.x86_64.rpm
rocky8aarch64libtiff< 4.0.9-26.el8_7libtiff-0:4.0.9-26.el8_7.aarch64.rpm
rocky8aarch64libtiff-debuginfo< 4.0.9-26.el8_7libtiff-debuginfo-0:4.0.9-26.el8_7.aarch64.rpm
rocky8i686libtiff-debuginfo< 4.0.9-26.el8_7libtiff-debuginfo-0:4.0.9-26.el8_7.i686.rpm
rocky8x86_64libtiff-debuginfo< 4.0.9-26.el8_7libtiff-debuginfo-0:4.0.9-26.el8_7.x86_64.rpm
rocky8aarch64libtiff-debugsource< 4.0.9-26.el8_7libtiff-debugsource-0:4.0.9-26.el8_7.aarch64.rpm
rocky8i686libtiff-debugsource< 4.0.9-26.el8_7libtiff-debugsource-0:4.0.9-26.el8_7.i686.rpm
rocky8x86_64libtiff-debugsource< 4.0.9-26.el8_7libtiff-debugsource-0:4.0.9-26.el8_7.x86_64.rpm
rocky8aarch64libtiff-devel< 4.0.9-26.el8_7libtiff-devel-0:4.0.9-26.el8_7.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	8	i686	libtiff	< 4.0.9-26.el8_7	libtiff-0:4.0.9-26.el8_7.i686.rpm
rocky	8	x86_64	libtiff	< 4.0.9-26.el8_7	libtiff-0:4.0.9-26.el8_7.x86_64.rpm
rocky	8	aarch64	libtiff	< 4.0.9-26.el8_7	libtiff-0:4.0.9-26.el8_7.aarch64.rpm
rocky	8	aarch64	libtiff-debuginfo	< 4.0.9-26.el8_7	libtiff-debuginfo-0:4.0.9-26.el8_7.aarch64.rpm
rocky	8	i686	libtiff-debuginfo	< 4.0.9-26.el8_7	libtiff-debuginfo-0:4.0.9-26.el8_7.i686.rpm
rocky	8	x86_64	libtiff-debuginfo	< 4.0.9-26.el8_7	libtiff-debuginfo-0:4.0.9-26.el8_7.x86_64.rpm
rocky	8	aarch64	libtiff-debugsource	< 4.0.9-26.el8_7	libtiff-debugsource-0:4.0.9-26.el8_7.aarch64.rpm
rocky	8	i686	libtiff-debugsource	< 4.0.9-26.el8_7	libtiff-debugsource-0:4.0.9-26.el8_7.i686.rpm
rocky	8	x86_64	libtiff-debugsource	< 4.0.9-26.el8_7	libtiff-debugsource-0:4.0.9-26.el8_7.x86_64.rpm
rocky	8	aarch64	libtiff-devel	< 4.0.9-26.el8_7	libtiff-devel-0:4.0.9-26.el8_7.aarch64.rpm