Lucene search

Rockylinux Product ErrataRLSA-2023:0302

HistoryJan 23, 2023 - 2:29 p.m.

libtiff security update

2023-01-2314:29:57

Rockylinux Product Errata

errata.rockylinux.org

libtiff

security update

rocky linux 9

vulnerability

cvss score

tiff files

dos

heap-buffer-overflow

assertion fail

invalid pointer free operation

cve list

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.005

Percentile

76.5%

JSON

An update is available for libtiff.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky9x86_64libtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.x86_64.rpm
rocky9aarch64libtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.aarch64.rpm
rocky9i686libtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.i686.rpm
rocky9ppc64lelibtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.ppc64le.rpm
rocky9s390xlibtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.s390x.rpm
rocky9aarch64libtiff-debuginfo< 4.4.0-5.el9_1libtiff-debuginfo-0:4.4.0-5.el9_1.aarch64.rpm
rocky9ppc64lelibtiff-debuginfo< 4.4.0-5.el9_1libtiff-debuginfo-0:4.4.0-5.el9_1.ppc64le.rpm
rocky9s390xlibtiff-debuginfo< 4.4.0-5.el9_1libtiff-debuginfo-0:4.4.0-5.el9_1.s390x.rpm
rocky9x86_64libtiff-debuginfo< 4.4.0-5.el9_1libtiff-debuginfo-0:4.4.0-5.el9_1.x86_64.rpm
rocky9aarch64libtiff-debugsource< 4.4.0-5.el9_1libtiff-debugsource-0:4.4.0-5.el9_1.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	9	x86_64	libtiff	< 4.4.0-5.el9_1	libtiff-0:4.4.0-5.el9_1.x86_64.rpm
rocky	9	aarch64	libtiff	< 4.4.0-5.el9_1	libtiff-0:4.4.0-5.el9_1.aarch64.rpm
rocky	9	i686	libtiff	< 4.4.0-5.el9_1	libtiff-0:4.4.0-5.el9_1.i686.rpm
rocky	9	ppc64le	libtiff	< 4.4.0-5.el9_1	libtiff-0:4.4.0-5.el9_1.ppc64le.rpm
rocky	9	s390x	libtiff	< 4.4.0-5.el9_1	libtiff-0:4.4.0-5.el9_1.s390x.rpm
rocky	9	aarch64	libtiff-debuginfo	< 4.4.0-5.el9_1	libtiff-debuginfo-0:4.4.0-5.el9_1.aarch64.rpm
rocky	9	ppc64le	libtiff-debuginfo	< 4.4.0-5.el9_1	libtiff-debuginfo-0:4.4.0-5.el9_1.ppc64le.rpm
rocky	9	s390x	libtiff-debuginfo	< 4.4.0-5.el9_1	libtiff-debuginfo-0:4.4.0-5.el9_1.s390x.rpm
rocky	9	x86_64	libtiff-debuginfo	< 4.4.0-5.el9_1	libtiff-debuginfo-0:4.4.0-5.el9_1.x86_64.rpm
rocky	9	aarch64	libtiff-debugsource	< 4.4.0-5.el9_1	libtiff-debugsource-0:4.4.0-5.el9_1.aarch64.rpm