Red Hat Product Errata RHSA-2023:0302 - Security Advisory

Issued:: 2023-01-23
Updated:: 2023-01-23

RHSA-2023:0302 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: libtiff security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libtiff is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat CodeReady Linux Builder for x86_64 9 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

BZ - 2103222 - LibTiff: DoS from Divide By Zero Error
BZ - 2122789 - CVE-2022-2519 libtiff: Double free or corruption in rotateImage() function at tiffcrop.c
BZ - 2122792 - CVE-2022-2520 libtiff: Assertion fail in rotateImage() function at tiffcrop.c
BZ - 2122799 - CVE-2022-2521 libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c
BZ - 2134432 - CVE-2022-2953 libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
libtiff-4.4.0-5.el9_1.src.rpm	SHA-256: 3bfb11626a8bbdbab11d150f1b94ad1768d4bfcae812e3f50d0dd6427f168a8c
x86_64
libtiff-4.4.0-5.el9_1.i686.rpm	SHA-256: 6765e5d84fa5d55f66bd13eb975e4f9ead1883d63e5004b4eabb8bdb8bfca466
libtiff-4.4.0-5.el9_1.x86_64.rpm	SHA-256: b1353b7c803b31d55c78d3589ccfac1549e2c13ee7428fd805d934c4ed325d62
libtiff-debuginfo-4.4.0-5.el9_1.i686.rpm	SHA-256: 5be44aeeb9243bddc6c890b02da2f39c352d7617be5d680a7ad194c5ebcefd1a
libtiff-debuginfo-4.4.0-5.el9_1.x86_64.rpm	SHA-256: 688a21ce29fc92e6464dad2eec7c124e7b96cc6a9d5c6f702299b83cfd68e292
libtiff-debugsource-4.4.0-5.el9_1.i686.rpm	SHA-256: 636361c3e1f367a1908abcf609f47925bc5749d66d7e9e5c910747f3a7e573a6
libtiff-debugsource-4.4.0-5.el9_1.x86_64.rpm	SHA-256: 7ae7e95c73d6750b117b0a74dad85b2df0662d0ee43d95d83b203f8ff72fba94
libtiff-devel-4.4.0-5.el9_1.i686.rpm	SHA-256: bd54bc2abab90ff4e786cbe473b29610a0b1bea5dc8bcf65e4e99c76b7c9622b
libtiff-devel-4.4.0-5.el9_1.x86_64.rpm	SHA-256: 2f881fea5ad1d6e80254c287030be9d7f1506e7ca4f1d4d9ac6fdf5dc9532dac
libtiff-tools-debuginfo-4.4.0-5.el9_1.i686.rpm	SHA-256: 140158315f4256275a39ca0d1ecfc9546452d6b606fb192dd5966ca9fe814deb
libtiff-tools-debuginfo-4.4.0-5.el9_1.x86_64.rpm	SHA-256: 5b8596a6f5d92b3cca5457c724e42682003cc2934b6d60700bd6386c155ba399

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
libtiff-4.4.0-5.el9_1.src.rpm	SHA-256: 3bfb11626a8bbdbab11d150f1b94ad1768d4bfcae812e3f50d0dd6427f168a8c
s390x
libtiff-4.4.0-5.el9_1.s390x.rpm	SHA-256: b949f8aa452859160c580894b95c2f55f07113be2987f37d9c6a8caa0125d391
libtiff-debuginfo-4.4.0-5.el9_1.s390x.rpm	SHA-256: a6b749b5da7d71d1d5266ac07eebb3685d256c3d027d0527597fbe39d922562e
libtiff-debugsource-4.4.0-5.el9_1.s390x.rpm	SHA-256: 5bf45b0f3993c9e9c0e366ad32756a07dc972b4b97e25e08e9266f550334f007
libtiff-devel-4.4.0-5.el9_1.s390x.rpm	SHA-256: ea8fadba387191edf0f9f2dad63c26da2bb14357985de8d2c7431b085fa88faa
libtiff-tools-debuginfo-4.4.0-5.el9_1.s390x.rpm	SHA-256: eae00e6153268f3839a2b470b9b1a8ffc588a5b82a6f08d4396872ed787e156a

Red Hat Enterprise Linux for Power, little endian 9

SRPM
libtiff-4.4.0-5.el9_1.src.rpm	SHA-256: 3bfb11626a8bbdbab11d150f1b94ad1768d4bfcae812e3f50d0dd6427f168a8c
ppc64le
libtiff-4.4.0-5.el9_1.ppc64le.rpm	SHA-256: dc752205c80218baf6cdafec5aab63a1543b642505e89d092d81a4c66d78d5c7
libtiff-debuginfo-4.4.0-5.el9_1.ppc64le.rpm	SHA-256: 0b01721bbbd2806d335338d05ff92d74c5e3374e93acb53bbae7ec334f5eec9a
libtiff-debugsource-4.4.0-5.el9_1.ppc64le.rpm	SHA-256: 0f8321bd0d1b44e03d7f321c32c9488621ed5d84d8620e266fb4d02f3bbc112b
libtiff-devel-4.4.0-5.el9_1.ppc64le.rpm	SHA-256: 4d8090d0098cb7ee351ca4f521996f7b4d550b584eb62558147f5dc97ec131d2
libtiff-tools-debuginfo-4.4.0-5.el9_1.ppc64le.rpm	SHA-256: a9f3e42d33bbb6d40c4cac001e926aa8bb133399ed1b01d438f22fc4abf0836f

Red Hat Enterprise Linux for ARM 64 9

SRPM
libtiff-4.4.0-5.el9_1.src.rpm	SHA-256: 3bfb11626a8bbdbab11d150f1b94ad1768d4bfcae812e3f50d0dd6427f168a8c
aarch64
libtiff-4.4.0-5.el9_1.aarch64.rpm	SHA-256: b08212de5242a918286e609d6c6b2e7deb06bac49874208f21946214c6100451
libtiff-debuginfo-4.4.0-5.el9_1.aarch64.rpm	SHA-256: b34f6b03334a791aea9bccd3e47f12ed112c253d94a9dff083666e95dedca31a
libtiff-debugsource-4.4.0-5.el9_1.aarch64.rpm	SHA-256: c49ba3875d44430edcf593783438db2a1ffb9feb999cbac171bbb21425877f27
libtiff-devel-4.4.0-5.el9_1.aarch64.rpm	SHA-256: f717eb8960e5a98735ed1b11bc970c4bb66c850853680408642c9fe001846c28
libtiff-tools-debuginfo-4.4.0-5.el9_1.aarch64.rpm	SHA-256: 9a3c5059375200da4b9312221b3bd3c981261b472ea055580cbfc31d2753fbcd

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
x86_64
libtiff-debuginfo-4.4.0-5.el9_1.x86_64.rpm	SHA-256: 688a21ce29fc92e6464dad2eec7c124e7b96cc6a9d5c6f702299b83cfd68e292
libtiff-debugsource-4.4.0-5.el9_1.x86_64.rpm	SHA-256: 7ae7e95c73d6750b117b0a74dad85b2df0662d0ee43d95d83b203f8ff72fba94
libtiff-tools-4.4.0-5.el9_1.x86_64.rpm	SHA-256: b9dae6f09f1c236b7ba132a12db9c0134381f8e766bd041e021cbe4dfe9f9694
libtiff-tools-debuginfo-4.4.0-5.el9_1.x86_64.rpm	SHA-256: 5b8596a6f5d92b3cca5457c724e42682003cc2934b6d60700bd6386c155ba399

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM
ppc64le
libtiff-debuginfo-4.4.0-5.el9_1.ppc64le.rpm	SHA-256: 0b01721bbbd2806d335338d05ff92d74c5e3374e93acb53bbae7ec334f5eec9a
libtiff-debugsource-4.4.0-5.el9_1.ppc64le.rpm	SHA-256: 0f8321bd0d1b44e03d7f321c32c9488621ed5d84d8620e266fb4d02f3bbc112b
libtiff-tools-4.4.0-5.el9_1.ppc64le.rpm	SHA-256: 1bdc1524d7571ec2a1b81e4acadc28eb6fb5f9417b9e02135c530e64c7cf50d7
libtiff-tools-debuginfo-4.4.0-5.el9_1.ppc64le.rpm	SHA-256: a9f3e42d33bbb6d40c4cac001e926aa8bb133399ed1b01d438f22fc4abf0836f

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM
aarch64
libtiff-debuginfo-4.4.0-5.el9_1.aarch64.rpm	SHA-256: b34f6b03334a791aea9bccd3e47f12ed112c253d94a9dff083666e95dedca31a
libtiff-debugsource-4.4.0-5.el9_1.aarch64.rpm	SHA-256: c49ba3875d44430edcf593783438db2a1ffb9feb999cbac171bbb21425877f27
libtiff-tools-4.4.0-5.el9_1.aarch64.rpm	SHA-256: 594481e49b3a86ba2d28047885aa09167a220c634122a443a6e636e6e519e7b0
libtiff-tools-debuginfo-4.4.0-5.el9_1.aarch64.rpm	SHA-256: 9a3c5059375200da4b9312221b3bd3c981261b472ea055580cbfc31d2753fbcd

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM
s390x
libtiff-debuginfo-4.4.0-5.el9_1.s390x.rpm	SHA-256: a6b749b5da7d71d1d5266ac07eebb3685d256c3d027d0527597fbe39d922562e
libtiff-debugsource-4.4.0-5.el9_1.s390x.rpm	SHA-256: 5bf45b0f3993c9e9c0e366ad32756a07dc972b4b97e25e08e9266f550334f007
libtiff-tools-4.4.0-5.el9_1.s390x.rpm	SHA-256: b1e733636104bc86638b52a272035f20283ca3bc095ed3bda665396f51852b7a
libtiff-tools-debuginfo-4.4.0-5.el9_1.s390x.rpm	SHA-256: eae00e6153268f3839a2b470b9b1a8ffc588a5b82a6f08d4396872ed787e156a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation