Red Hat Product Errata RHSA-2023:0095 - Security Advisory
Issued: 2023-01-12
Updated: 2023-01-12

Synopsis

Moderate: libtiff security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libtiff is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
  • libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
  • libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c (CVE-2022-2867)
  • libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() (CVE-2022-2869)
  • libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
  • libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
  • libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)
  • libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (CVE-2022-2868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2103222 - LibTiff: DoS from Divide By Zero Error
  • BZ - 2118847 - CVE-2022-2867 libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c
  • BZ - 2118863 - CVE-2022-2868 libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()
  • BZ - 2118869 - CVE-2022-2869 libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()
  • BZ - 2122789 - CVE-2022-2519 libtiff: Double free or corruption in rotateImage() function at tiffcrop.c
  • BZ - 2122792 - CVE-2022-2520 libtiff: Assertion fail in rotateImage() function at tiffcrop.c
  • BZ - 2122799 - CVE-2022-2521 libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c
  • BZ - 2134432 - CVE-2022-2953 libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c

CVEs

  • CVE-2022-2056
  • CVE-2022-2057
  • CVE-2022-2058
  • CVE-2022-2519
  • CVE-2022-2520
  • CVE-2022-2521
  • CVE-2022-2867
  • CVE-2022-2868
  • CVE-2022-2869
  • CVE-2022-2953

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 8

SRPM
libtiff-4.0.9-26.el8_7.src.rpm SHA-256: b30bc6ff282e17a5b02a2cdc4918a7e3a97bbecaf7ad86056e4cfdb8c91e43c3
x86_64
libtiff-4.0.9-26.el8_7.i686.rpm SHA-256: bf14f2197b7b9418972a54936db236563e45ee77f960cf711d9ad32b5e69af2c
libtiff-4.0.9-26.el8_7.x86_64.rpm SHA-256: 53eca0e2e9a93be9f1c31260e1e1b3210200fd153bc06e32db9d194d8ead4d94
libtiff-debuginfo-4.0.9-26.el8_7.i686.rpm SHA-256: 4be8be7c113aad3b073ca9f77874ae7cef1973940a7309db341f2708695f91ae
libtiff-debuginfo-4.0.9-26.el8_7.x86_64.rpm SHA-256: a02e70c6f1a1d74fcaf63cbc5593c07e89b711507eb0d2b2b05c4e1ecf793709
libtiff-debugsource-4.0.9-26.el8_7.i686.rpm SHA-256: e551d059289d42860ead3b78b872a6aedc062c3aa28afca69deafc5f00c1a80d
libtiff-debugsource-4.0.9-26.el8_7.x86_64.rpm SHA-256: 486dd78afd1e2b646ed35884180a164f88c2b5c6b05c46795b584e608463be65
libtiff-devel-4.0.9-26.el8_7.i686.rpm SHA-256: b2da98443e01d1eb29e7b5bec2651333c55a68fe3604ca76e9a6f24e62851438
libtiff-devel-4.0.9-26.el8_7.x86_64.rpm SHA-256: 9b616bf2d4de9e699e001476bac2b4ffee982e4aa24e19c70135766cf37fb029
libtiff-tools-debuginfo-4.0.9-26.el8_7.i686.rpm SHA-256: a74bb8c8e16ecb8570e62de8fa1aa7bf959c5a0c8bc94deccdeb032581de8358
libtiff-tools-debuginfo-4.0.9-26.el8_7.x86_64.rpm SHA-256: fa49e6ece7052934667b4f9b8ddcc9a6f031c06086c8b5a3d14c75fd09d653d3

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libtiff-4.0.9-26.el8_7.src.rpm SHA-256: b30bc6ff282e17a5b02a2cdc4918a7e3a97bbecaf7ad86056e4cfdb8c91e43c3
s390x
libtiff-4.0.9-26.el8_7.s390x.rpm SHA-256: 5e37d48166c755426ec777fd61179d8f75c8abf7a53af2560e3400eddbcd0fee
libtiff-debuginfo-4.0.9-26.el8_7.s390x.rpm SHA-256: 8694bf064f7225a406fde12ab8617e762f22c7873fd17c13a9d1b81f02caef83
libtiff-debugsource-4.0.9-26.el8_7.s390x.rpm SHA-256: 239483426bb5a79e5300c2a0ae257e767dc7d3fa5147400fa61368c4d278ef34
libtiff-devel-4.0.9-26.el8_7.s390x.rpm SHA-256: 29b52913615a2b329e07210b38ec13970e2f02a91d7e49eb9695dacbf2c113de
libtiff-tools-debuginfo-4.0.9-26.el8_7.s390x.rpm SHA-256: bdc3e0bcffcd09c244044aaccdd97d5389da9cbeb3822c3b6f7211facabe0b0b

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libtiff-4.0.9-26.el8_7.src.rpm SHA-256: b30bc6ff282e17a5b02a2cdc4918a7e3a97bbecaf7ad86056e4cfdb8c91e43c3
ppc64le
libtiff-4.0.9-26.el8_7.ppc64le.rpm SHA-256: 19c7d99a5a6ee5e63856f0a65db8783331715e31e7ec05017e65df728db7a8e4
libtiff-debuginfo-4.0.9-26.el8_7.ppc64le.rpm SHA-256: cc382154256166321813b1022ba84dfbaabda45458c37367c43a885bb518500d
libtiff-debugsource-4.0.9-26.el8_7.ppc64le.rpm SHA-256: c5ce0c7627014dace34c96d441e9e2cf8c373165c05e9d3728ddd108be92b1c8
libtiff-devel-4.0.9-26.el8_7.ppc64le.rpm SHA-256: 78f61ddc363d3efe6bec0408853ccadd0d3009195d8320e7258b94e5e35a045a
libtiff-tools-debuginfo-4.0.9-26.el8_7.ppc64le.rpm SHA-256: cb9ef8c1a943b645778bac9b2869f87f2bc204d146beef04e4369e6e64d47393

Red Hat Enterprise Linux for ARM 64 8

SRPM
libtiff-4.0.9-26.el8_7.src.rpm SHA-256: b30bc6ff282e17a5b02a2cdc4918a7e3a97bbecaf7ad86056e4cfdb8c91e43c3
aarch64
libtiff-4.0.9-26.el8_7.aarch64.rpm SHA-256: 6dc88766d8bf2ef23c6396fdb51cfe49132ce26638bcc1edc25a676234655132
libtiff-debuginfo-4.0.9-26.el8_7.aarch64.rpm SHA-256: e4ddbba69dd50053c673172be5682309cc6b3019fb90e1ff52f1d69beaeaddad
libtiff-debugsource-4.0.9-26.el8_7.aarch64.rpm SHA-256: 5e2d90d127c31a1145eb349631a7d06ce8afe481a77490bea5d26fa23bfec69b
libtiff-devel-4.0.9-26.el8_7.aarch64.rpm SHA-256: 17c6fee8acf90bd96693b7056829f61d17818f265d4cdcaabd08a7ad088333d5
libtiff-tools-debuginfo-4.0.9-26.el8_7.aarch64.rpm SHA-256: 253fadbdab7268b9cc9222ecb7dc109cb0b0b285a18afca2dbfe1bb64d1e3992

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
libtiff-debuginfo-4.0.9-26.el8_7.x86_64.rpm SHA-256: a02e70c6f1a1d74fcaf63cbc5593c07e89b711507eb0d2b2b05c4e1ecf793709
libtiff-debugsource-4.0.9-26.el8_7.x86_64.rpm SHA-256: 486dd78afd1e2b646ed35884180a164f88c2b5c6b05c46795b584e608463be65
libtiff-tools-4.0.9-26.el8_7.x86_64.rpm SHA-256: 83f325b12aa18a52d2aec1508512788c8f66671ccef9b39a2d4b0c618e3fcd18
libtiff-tools-debuginfo-4.0.9-26.el8_7.x86_64.rpm SHA-256: fa49e6ece7052934667b4f9b8ddcc9a6f031c06086c8b5a3d14c75fd09d653d3

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
libtiff-debuginfo-4.0.9-26.el8_7.ppc64le.rpm SHA-256: cc382154256166321813b1022ba84dfbaabda45458c37367c43a885bb518500d
libtiff-debugsource-4.0.9-26.el8_7.ppc64le.rpm SHA-256: c5ce0c7627014dace34c96d441e9e2cf8c373165c05e9d3728ddd108be92b1c8
libtiff-tools-4.0.9-26.el8_7.ppc64le.rpm SHA-256: c4b4a62a81efa696a9de0a85b3c8b8aee1059631491249f00fac550b5092b99f
libtiff-tools-debuginfo-4.0.9-26.el8_7.ppc64le.rpm SHA-256: cb9ef8c1a943b645778bac9b2869f87f2bc204d146beef04e4369e6e64d47393

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
libtiff-debuginfo-4.0.9-26.el8_7.aarch64.rpm SHA-256: e4ddbba69dd50053c673172be5682309cc6b3019fb90e1ff52f1d69beaeaddad
libtiff-debugsource-4.0.9-26.el8_7.aarch64.rpm SHA-256: 5e2d90d127c31a1145eb349631a7d06ce8afe481a77490bea5d26fa23bfec69b
libtiff-tools-4.0.9-26.el8_7.aarch64.rpm SHA-256: 759d365a39c061545972bbad8c6a021b806e0e7c59dd4c6104dcc1842c097c73
libtiff-tools-debuginfo-4.0.9-26.el8_7.aarch64.rpm SHA-256: 253fadbdab7268b9cc9222ecb7dc109cb0b0b285a18afca2dbfe1bb64d1e3992

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
libtiff-debuginfo-4.0.9-26.el8_7.s390x.rpm SHA-256: 8694bf064f7225a406fde12ab8617e762f22c7873fd17c13a9d1b81f02caef83
libtiff-debugsource-4.0.9-26.el8_7.s390x.rpm SHA-256: 239483426bb5a79e5300c2a0ae257e767dc7d3fa5147400fa61368c4d278ef34
libtiff-tools-4.0.9-26.el8_7.s390x.rpm SHA-256: 4baf5b988d311faa87fe9656aabf76b9c4e1d8684a5ace42a96d1041efe478e8
libtiff-tools-debuginfo-4.0.9-26.el8_7.s390x.rpm SHA-256: bdc3e0bcffcd09c244044aaccdd97d5389da9cbeb3822c3b6f7211facabe0b0b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
