Red Hat Product Errata RHSA-2022:7585 - Security Advisory
Issued: 2022-11-08
Updated: 2022-11-08

Synopsis

Moderate: libtiff security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libtiff is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • libtiff: Denial of Service via crafted TIFF file (CVE-2022-0561)
  • libtiff: Null source pointer lead to Denial of Service via crafted TIFF file (CVE-2022-0562)
  • libtiff: reachable assertion (CVE-2022-0865)
  • libtiff: Out-of-bounds Read error in tiffcp (CVE-2022-0924)
  • libtiff: stack-buffer-overflow in tiffcp.c in main() (CVE-2022-1355)
  • libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c (CVE-2022-22844)
  • libtiff: heap buffer overflow in extractImageSection (CVE-2022-0891)
  • tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c (CVE-2022-0908)
  • tiff: Divide By Zero error in tiffcrop (CVE-2022-0909)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.
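
One way to find processes that still need the restart described above, as an added example that is not part of the advisory or Red Hat's tooling: it scans `/proc/<pid>/maps` for libtiff mappings the kernel marks `(deleted)`, which is how a library replaced on disk appears in a process that loaded the old copy. The `PROC_ROOT` argument, the sample PIDs and the sample map lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: after updating libtiff, list PIDs that still map the
# replaced library. The kernel tags a mapping whose backing file was
# unlinked or replaced with " (deleted)" in /proc/<pid>/maps.

# stale_libtiff_pids [PROC_ROOT]
# PROC_ROOT defaults to /proc; the argument is an assumption of this
# example so the check can be run against constructed data.
stale_libtiff_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Match libtiff.so.* or libtiffxx.so.* followed by the deleted marker.
        if grep -Eq '/libtiff(xx)?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done | sort -n
}

# Constructed sample tree: PID 101 was restarted and maps the new file,
# PID 202 still maps the old file, PID 303 does not use libtiff.
make_sample_proc() {
    root="$(mktemp -d)"
    mkdir -p "$root/101" "$root/202" "$root/303"
    cat > "$root/101/maps" <<'EOF'
7f1c2a000000-7f1c2a07a000 r-xp 00000000 fd:00 1311 /usr/lib64/libtiff.so.5.3.0
EOF
    cat > "$root/202/maps" <<'EOF'
7f9b10000000-7f9b1007a000 r-xp 00000000 fd:00 1207 /usr/lib64/libtiff.so.5.3.0 (deleted)
7f9b10400000-7f9b105b9000 r-xp 00000000 fd:00 1100 /usr/lib64/libc-2.28.so
EOF
    cat > "$root/303/maps" <<'EOF'
7f0000000000-7f00001b9000 r-xp 00000000 fd:00 1100 /usr/lib64/libc-2.28.so
EOF
    echo "$root"
}

sample="$(make_sample_proc)"
echo "stale PIDs in sample: $(stale_libtiff_pids "$sample")"
rm -rf "$sample"
```

On a live host, call `stale_libtiff_pids` with no argument as root so that every process's maps file is readable; statically linked binaries and containers with their own libtiff copy are outside what this check sees.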

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2042603 - CVE-2022-22844 libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c
  • BZ - 2054494 - CVE-2022-0561 libtiff: Denial of Service via crafted TIFF file
  • BZ - 2054495 - CVE-2022-0562 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file
  • BZ - 2064145 - CVE-2022-0908 tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c
  • BZ - 2064146 - CVE-2022-0909 tiff: Divide By Zero error in tiffcrop
  • BZ - 2064148 - CVE-2022-0924 libtiff: Out-of-bounds Read error in tiffcp
  • BZ - 2064406 - CVE-2022-0865 libtiff: reachable assertion
  • BZ - 2064411 - CVE-2022-0891 libtiff: heap buffer overflow in extractImageSection
  • BZ - 2074415 - CVE-2022-1355 libtiff: stack-buffer-overflow in tiffcp.c in main()

CVEs

  • CVE-2022-0561
  • CVE-2022-0562
  • CVE-2022-0865
  • CVE-2022-0891
  • CVE-2022-0908
  • CVE-2022-0909
  • CVE-2022-0924
  • CVE-2022-1355
  • CVE-2022-22844

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 8

SRPM
libtiff-4.0.9-23.el8.src.rpm SHA-256: 1b85a408bdf28bc8727e0ea84e9a98b17486253fe9419f50b24e83fda1e6eac8
x86_64
libtiff-4.0.9-23.el8.i686.rpm SHA-256: 74c03e707dc77656108a7e12e3585fa159a9d245f00a2814e6844fea6287fb1e
libtiff-4.0.9-23.el8.x86_64.rpm SHA-256: cff1c23b5232b3a91c636b45bab2b987440dfa04f419c7150f4ca6cfa38044d1
libtiff-debuginfo-4.0.9-23.el8.i686.rpm SHA-256: 16851626469b5a8d67f90a4f1d0dd3a2a81364d8e9ae69ab61eb0d312c878471
libtiff-debuginfo-4.0.9-23.el8.x86_64.rpm SHA-256: 438aed5574fee47f0dfed112e595795ccce3e9695f6745d8164f86efae73bafa
libtiff-debugsource-4.0.9-23.el8.i686.rpm SHA-256: 5677930736c0f4f0bc4c1790f01b5d052627f7f9ec74f610180b94efc98aa783
libtiff-debugsource-4.0.9-23.el8.x86_64.rpm SHA-256: 8e2a931056186542d8a0d778c3ab9554fb80ff403c85131986cce30bd972b1e2
libtiff-devel-4.0.9-23.el8.i686.rpm SHA-256: cfa1b36117a6b3d452fb5e8394c9b5578b34e3deaa6b2dc95bd9f78bc2c095b9
libtiff-devel-4.0.9-23.el8.x86_64.rpm SHA-256: 03766956bd20da586d35117a64a737f5f003021bafcdf6337aebbf838b1a3169
libtiff-tools-debuginfo-4.0.9-23.el8.i686.rpm SHA-256: 6ab80f4641a6c1ddb40a29294d64adf0353e9526e3ae07060f9d13a65f19478d
libtiff-tools-debuginfo-4.0.9-23.el8.x86_64.rpm SHA-256: d1372c9a7c1095c3c41740027505daad8c72fd4b49a590f55969d923c909937f

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libtiff-4.0.9-23.el8.src.rpm SHA-256: 1b85a408bdf28bc8727e0ea84e9a98b17486253fe9419f50b24e83fda1e6eac8
s390x
libtiff-4.0.9-23.el8.s390x.rpm SHA-256: d684a65f71014e894f02d04d5800be6176f4ff48fd40a6bc4bd1bf0a02392c0b
libtiff-debuginfo-4.0.9-23.el8.s390x.rpm SHA-256: 528d4d7a39a3201119ac80d16ca9e9413b20496c368f6176f8f83fb8be903284
libtiff-debugsource-4.0.9-23.el8.s390x.rpm SHA-256: 022e4303783b6310ed161b63dd05740514971ba2afcab3d6f0348873fc3aaf01
libtiff-devel-4.0.9-23.el8.s390x.rpm SHA-256: e4f0a78ef0c24a840144e2fce85aadf0b03d5c49b2be4dbdba563391c09449a9
libtiff-tools-debuginfo-4.0.9-23.el8.s390x.rpm SHA-256: cbf46342c37a826d5ed3c29b31a38f28283d17f228bba3fd95e8f03e3ea003ac

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libtiff-4.0.9-23.el8.src.rpm SHA-256: 1b85a408bdf28bc8727e0ea84e9a98b17486253fe9419f50b24e83fda1e6eac8
ppc64le
libtiff-4.0.9-23.el8.ppc64le.rpm SHA-256: 639e9f8c58f6c4e74b2046774cd3d5dfbc4ce9d9c8f337775213a8147976c9ac
libtiff-debuginfo-4.0.9-23.el8.ppc64le.rpm SHA-256: 37d42a1ba4c5d4bcd664eaf96504301b360b791ab8822e29149ae1bb4cc3baac
libtiff-debugsource-4.0.9-23.el8.ppc64le.rpm SHA-256: ec00f66a67e25146d9e58e3c3b33a483d148f1070e5816e89e32eb7cc83b79b7
libtiff-devel-4.0.9-23.el8.ppc64le.rpm SHA-256: 746cd8544ff1eee556ea536555978458e4496c86054d3f11f89834f82e182767
libtiff-tools-debuginfo-4.0.9-23.el8.ppc64le.rpm SHA-256: 7fe8d38a525c8fe724f2721d96388dc6adca35483b1a6fcc79b880c805c9ba94

Red Hat Enterprise Linux for ARM 64 8

SRPM
libtiff-4.0.9-23.el8.src.rpm SHA-256: 1b85a408bdf28bc8727e0ea84e9a98b17486253fe9419f50b24e83fda1e6eac8
aarch64
libtiff-4.0.9-23.el8.aarch64.rpm SHA-256: 1d723f5155f792acda186c304c3569ee791a7f3d66e57ef37c7dae1ec8e20673
libtiff-debuginfo-4.0.9-23.el8.aarch64.rpm SHA-256: 0cdf7a504d015df2eca412f28ffa032adaec340c0af92ad4afee3a1b4d049dbe
libtiff-debugsource-4.0.9-23.el8.aarch64.rpm SHA-256: d3a77c79ec69ae852f5e404fdda4dec2372bc1c66bee85c787bcc1ad24e6ff0f
libtiff-devel-4.0.9-23.el8.aarch64.rpm SHA-256: e4c87c5d0ecd15e85fe1d0c4b7d9c7736a497ba8ce48e4ee5f371a17550656dc
libtiff-tools-debuginfo-4.0.9-23.el8.aarch64.rpm SHA-256: fc6698d1fc96a872a3bcebb8e0a4ab48e512082e1cde0d8eb386d4a0a67177f2

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
libtiff-debuginfo-4.0.9-23.el8.x86_64.rpm SHA-256: 438aed5574fee47f0dfed112e595795ccce3e9695f6745d8164f86efae73bafa
libtiff-debugsource-4.0.9-23.el8.x86_64.rpm SHA-256: 8e2a931056186542d8a0d778c3ab9554fb80ff403c85131986cce30bd972b1e2
libtiff-tools-4.0.9-23.el8.x86_64.rpm SHA-256: f4fae231efa0c252df230225439c3ca1f32d735b56797c03ba82fa33dc7177d3
libtiff-tools-debuginfo-4.0.9-23.el8.x86_64.rpm SHA-256: d1372c9a7c1095c3c41740027505daad8c72fd4b49a590f55969d923c909937f

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
libtiff-debuginfo-4.0.9-23.el8.ppc64le.rpm SHA-256: 37d42a1ba4c5d4bcd664eaf96504301b360b791ab8822e29149ae1bb4cc3baac
libtiff-debugsource-4.0.9-23.el8.ppc64le.rpm SHA-256: ec00f66a67e25146d9e58e3c3b33a483d148f1070e5816e89e32eb7cc83b79b7
libtiff-tools-4.0.9-23.el8.ppc64le.rpm SHA-256: 078eb5462998bf6fc2cff619a87859f47f2cc8543b0492e06adc81df01e0ff71
libtiff-tools-debuginfo-4.0.9-23.el8.ppc64le.rpm SHA-256: 7fe8d38a525c8fe724f2721d96388dc6adca35483b1a6fcc79b880c805c9ba94

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
libtiff-debuginfo-4.0.9-23.el8.aarch64.rpm SHA-256: 0cdf7a504d015df2eca412f28ffa032adaec340c0af92ad4afee3a1b4d049dbe
libtiff-debugsource-4.0.9-23.el8.aarch64.rpm SHA-256: d3a77c79ec69ae852f5e404fdda4dec2372bc1c66bee85c787bcc1ad24e6ff0f
libtiff-tools-4.0.9-23.el8.aarch64.rpm SHA-256: 068c8d29a616fee554967a9dca9796034f784fa07385cd491736fa3e654519d0
libtiff-tools-debuginfo-4.0.9-23.el8.aarch64.rpm SHA-256: fc6698d1fc96a872a3bcebb8e0a4ab48e512082e1cde0d8eb386d4a0a67177f2

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
libtiff-debuginfo-4.0.9-23.el8.s390x.rpm SHA-256: 528d4d7a39a3201119ac80d16ca9e9413b20496c368f6176f8f83fb8be903284
libtiff-debugsource-4.0.9-23.el8.s390x.rpm SHA-256: 022e4303783b6310ed161b63dd05740514971ba2afcab3d6f0348873fc3aaf01
libtiff-tools-4.0.9-23.el8.s390x.rpm SHA-256: 36c6fabad5cb6028b7f47e2d6a2758ee607d5a75ec4ded28e7e765064b74cb64
libtiff-tools-debuginfo-4.0.9-23.el8.s390x.rpm SHA-256: cbf46342c37a826d5ed3c29b31a38f28283d17f228bba3fd95e8f03e3ea003ac

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
