Red Hat Product Errata RHSA-2023:0302 - Security Advisory
Issued: 2023-01-23
Updated: 2023-01-23

Synopsis

Moderate: libtiff security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libtiff is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
  • libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
  • libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
  • libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
  • libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2103222 - LibTiff: DoS from Divide By Zero Error
  • BZ - 2122789 - CVE-2022-2519 libtiff: Double free or corruption in rotateImage() function at tiffcrop.c
  • BZ - 2122792 - CVE-2022-2520 libtiff: Assertion fail in rotateImage() function at tiffcrop.c
  • BZ - 2122799 - CVE-2022-2521 libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c
  • BZ - 2134432 - CVE-2022-2953 libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c

CVEs

  • CVE-2022-2056
  • CVE-2022-2057
  • CVE-2022-2058
  • CVE-2022-2519
  • CVE-2022-2520
  • CVE-2022-2521
  • CVE-2022-2953

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 9

SRPM
libtiff-4.4.0-5.el9_1.src.rpm SHA-256: 3bfb11626a8bbdbab11d150f1b94ad1768d4bfcae812e3f50d0dd6427f168a8c
x86_64
libtiff-4.4.0-5.el9_1.i686.rpm SHA-256: 6765e5d84fa5d55f66bd13eb975e4f9ead1883d63e5004b4eabb8bdb8bfca466
libtiff-4.4.0-5.el9_1.x86_64.rpm SHA-256: b1353b7c803b31d55c78d3589ccfac1549e2c13ee7428fd805d934c4ed325d62
libtiff-debuginfo-4.4.0-5.el9_1.i686.rpm SHA-256: 5be44aeeb9243bddc6c890b02da2f39c352d7617be5d680a7ad194c5ebcefd1a
libtiff-debuginfo-4.4.0-5.el9_1.x86_64.rpm SHA-256: 688a21ce29fc92e6464dad2eec7c124e7b96cc6a9d5c6f702299b83cfd68e292
libtiff-debugsource-4.4.0-5.el9_1.i686.rpm SHA-256: 636361c3e1f367a1908abcf609f47925bc5749d66d7e9e5c910747f3a7e573a6
libtiff-debugsource-4.4.0-5.el9_1.x86_64.rpm SHA-256: 7ae7e95c73d6750b117b0a74dad85b2df0662d0ee43d95d83b203f8ff72fba94
libtiff-devel-4.4.0-5.el9_1.i686.rpm SHA-256: bd54bc2abab90ff4e786cbe473b29610a0b1bea5dc8bcf65e4e99c76b7c9622b
libtiff-devel-4.4.0-5.el9_1.x86_64.rpm SHA-256: 2f881fea5ad1d6e80254c287030be9d7f1506e7ca4f1d4d9ac6fdf5dc9532dac
libtiff-tools-debuginfo-4.4.0-5.el9_1.i686.rpm SHA-256: 140158315f4256275a39ca0d1ecfc9546452d6b606fb192dd5966ca9fe814deb
libtiff-tools-debuginfo-4.4.0-5.el9_1.x86_64.rpm SHA-256: 5b8596a6f5d92b3cca5457c724e42682003cc2934b6d60700bd6386c155ba399

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
libtiff-4.4.0-5.el9_1.src.rpm SHA-256: 3bfb11626a8bbdbab11d150f1b94ad1768d4bfcae812e3f50d0dd6427f168a8c
s390x
libtiff-4.4.0-5.el9_1.s390x.rpm SHA-256: b949f8aa452859160c580894b95c2f55f07113be2987f37d9c6a8caa0125d391
libtiff-debuginfo-4.4.0-5.el9_1.s390x.rpm SHA-256: a6b749b5da7d71d1d5266ac07eebb3685d256c3d027d0527597fbe39d922562e
libtiff-debugsource-4.4.0-5.el9_1.s390x.rpm SHA-256: 5bf45b0f3993c9e9c0e366ad32756a07dc972b4b97e25e08e9266f550334f007
libtiff-devel-4.4.0-5.el9_1.s390x.rpm SHA-256: ea8fadba387191edf0f9f2dad63c26da2bb14357985de8d2c7431b085fa88faa
libtiff-tools-debuginfo-4.4.0-5.el9_1.s390x.rpm SHA-256: eae00e6153268f3839a2b470b9b1a8ffc588a5b82a6f08d4396872ed787e156a

Red Hat Enterprise Linux for Power, little endian 9

SRPM
libtiff-4.4.0-5.el9_1.src.rpm SHA-256: 3bfb11626a8bbdbab11d150f1b94ad1768d4bfcae812e3f50d0dd6427f168a8c
ppc64le
libtiff-4.4.0-5.el9_1.ppc64le.rpm SHA-256: dc752205c80218baf6cdafec5aab63a1543b642505e89d092d81a4c66d78d5c7
libtiff-debuginfo-4.4.0-5.el9_1.ppc64le.rpm SHA-256: 0b01721bbbd2806d335338d05ff92d74c5e3374e93acb53bbae7ec334f5eec9a
libtiff-debugsource-4.4.0-5.el9_1.ppc64le.rpm SHA-256: 0f8321bd0d1b44e03d7f321c32c9488621ed5d84d8620e266fb4d02f3bbc112b
libtiff-devel-4.4.0-5.el9_1.ppc64le.rpm SHA-256: 4d8090d0098cb7ee351ca4f521996f7b4d550b584eb62558147f5dc97ec131d2
libtiff-tools-debuginfo-4.4.0-5.el9_1.ppc64le.rpm SHA-256: a9f3e42d33bbb6d40c4cac001e926aa8bb133399ed1b01d438f22fc4abf0836f

Red Hat Enterprise Linux for ARM 64 9

SRPM
libtiff-4.4.0-5.el9_1.src.rpm SHA-256: 3bfb11626a8bbdbab11d150f1b94ad1768d4bfcae812e3f50d0dd6427f168a8c
aarch64
libtiff-4.4.0-5.el9_1.aarch64.rpm SHA-256: b08212de5242a918286e609d6c6b2e7deb06bac49874208f21946214c6100451
libtiff-debuginfo-4.4.0-5.el9_1.aarch64.rpm SHA-256: b34f6b03334a791aea9bccd3e47f12ed112c253d94a9dff083666e95dedca31a
libtiff-debugsource-4.4.0-5.el9_1.aarch64.rpm SHA-256: c49ba3875d44430edcf593783438db2a1ffb9feb999cbac171bbb21425877f27
libtiff-devel-4.4.0-5.el9_1.aarch64.rpm SHA-256: f717eb8960e5a98735ed1b11bc970c4bb66c850853680408642c9fe001846c28
libtiff-tools-debuginfo-4.4.0-5.el9_1.aarch64.rpm SHA-256: 9a3c5059375200da4b9312221b3bd3c981261b472ea055580cbfc31d2753fbcd

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
x86_64
libtiff-debuginfo-4.4.0-5.el9_1.x86_64.rpm SHA-256: 688a21ce29fc92e6464dad2eec7c124e7b96cc6a9d5c6f702299b83cfd68e292
libtiff-debugsource-4.4.0-5.el9_1.x86_64.rpm SHA-256: 7ae7e95c73d6750b117b0a74dad85b2df0662d0ee43d95d83b203f8ff72fba94
libtiff-tools-4.4.0-5.el9_1.x86_64.rpm SHA-256: b9dae6f09f1c236b7ba132a12db9c0134381f8e766bd041e021cbe4dfe9f9694
libtiff-tools-debuginfo-4.4.0-5.el9_1.x86_64.rpm SHA-256: 5b8596a6f5d92b3cca5457c724e42682003cc2934b6d60700bd6386c155ba399

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM
ppc64le
libtiff-debuginfo-4.4.0-5.el9_1.ppc64le.rpm SHA-256: 0b01721bbbd2806d335338d05ff92d74c5e3374e93acb53bbae7ec334f5eec9a
libtiff-debugsource-4.4.0-5.el9_1.ppc64le.rpm SHA-256: 0f8321bd0d1b44e03d7f321c32c9488621ed5d84d8620e266fb4d02f3bbc112b
libtiff-tools-4.4.0-5.el9_1.ppc64le.rpm SHA-256: 1bdc1524d7571ec2a1b81e4acadc28eb6fb5f9417b9e02135c530e64c7cf50d7
libtiff-tools-debuginfo-4.4.0-5.el9_1.ppc64le.rpm SHA-256: a9f3e42d33bbb6d40c4cac001e926aa8bb133399ed1b01d438f22fc4abf0836f

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM
aarch64
libtiff-debuginfo-4.4.0-5.el9_1.aarch64.rpm SHA-256: b34f6b03334a791aea9bccd3e47f12ed112c253d94a9dff083666e95dedca31a
libtiff-debugsource-4.4.0-5.el9_1.aarch64.rpm SHA-256: c49ba3875d44430edcf593783438db2a1ffb9feb999cbac171bbb21425877f27
libtiff-tools-4.4.0-5.el9_1.aarch64.rpm SHA-256: 594481e49b3a86ba2d28047885aa09167a220c634122a443a6e636e6e519e7b0
libtiff-tools-debuginfo-4.4.0-5.el9_1.aarch64.rpm SHA-256: 9a3c5059375200da4b9312221b3bd3c981261b472ea055580cbfc31d2753fbcd

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM
s390x
libtiff-debuginfo-4.4.0-5.el9_1.s390x.rpm SHA-256: a6b749b5da7d71d1d5266ac07eebb3685d256c3d027d0527597fbe39d922562e
libtiff-debugsource-4.4.0-5.el9_1.s390x.rpm SHA-256: 5bf45b0f3993c9e9c0e366ad32756a07dc972b4b97e25e08e9266f550334f007
libtiff-tools-4.4.0-5.el9_1.s390x.rpm SHA-256: b1e733636104bc86638b52a272035f20283ca3bc095ed3bda665396f51852b7a
libtiff-tools-debuginfo-4.4.0-5.el9_1.s390x.rpm SHA-256: eae00e6153268f3839a2b470b9b1a8ffc588a5b82a6f08d4396872ed787e156a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
