Red Hat Product Errata RHSA-2025:4658 - Security Advisory
Issued:
2025-05-07
Updated:
2025-05-07

RHSA-2025:4658 - Security Advisory

Synopsis

Moderate: libtiff security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libtiff is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 1524284 - CVE-2017-17095 libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service

Red Hat Enterprise Linux for x86_64 8

SRPM
libtiff-4.0.9-34.el8_10.src.rpm SHA-256: 84e1c107d528cfff29c0cf00f948b7d944f34bbca22b0163b9d42dc83f6c0778
x86_64
libtiff-4.0.9-34.el8_10.i686.rpm SHA-256: c38dbcca0505c7acb6842514b3898962e88a3f27b3132c27ef2b6ef44a6e4cd9
libtiff-4.0.9-34.el8_10.x86_64.rpm SHA-256: 41c5d53c967c3d58f3c564f8dab320061461779c9c3350e6708d4003a950aeb7
libtiff-debuginfo-4.0.9-34.el8_10.i686.rpm SHA-256: 8ef01705e474c11ab6d8e354294f847b032535ca2af708daa0a83b11ae4cafd7
libtiff-debuginfo-4.0.9-34.el8_10.x86_64.rpm SHA-256: 30bc24c57545ffa9d7621122b98822c5f124f3dd129a7695c559b37867440e96
libtiff-debugsource-4.0.9-34.el8_10.i686.rpm SHA-256: 45cc38125164d9462a97426b66b0794cb7b82f42f73822aa138f5fda5b5a45c5
libtiff-debugsource-4.0.9-34.el8_10.x86_64.rpm SHA-256: 59673a0da1f8aa7728383a7d61a8eff91fc74fe3e22a83208f9a02c2934b198e
libtiff-devel-4.0.9-34.el8_10.i686.rpm SHA-256: 19b6956bdd560a532bc6ca685d1a70d428ab600b946fdd444cc92f00af3585ab
libtiff-devel-4.0.9-34.el8_10.x86_64.rpm SHA-256: 90e793ca6d75acb91e2c14dc0b44688e437cb44e532a5ee1d6a22e6602f143ae
libtiff-tools-debuginfo-4.0.9-34.el8_10.i686.rpm SHA-256: 14bf453bfa61ef4a0cf3ad452cb6bf2b946b6ded5758b15607d626eb88d8173b
libtiff-tools-debuginfo-4.0.9-34.el8_10.x86_64.rpm SHA-256: f35d7092c74e31eec314aa38982f67dce1a0f35d89ef725e102a39f157ce838b

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libtiff-4.0.9-34.el8_10.src.rpm SHA-256: 84e1c107d528cfff29c0cf00f948b7d944f34bbca22b0163b9d42dc83f6c0778
s390x
libtiff-4.0.9-34.el8_10.s390x.rpm SHA-256: fc5d9ae2206bf9f45fe0dd964875f496677a087418c0c3f1380262341b1d961a
libtiff-debuginfo-4.0.9-34.el8_10.s390x.rpm SHA-256: ae8269d973764e5776d4154001a89317c0dac36b4ad2fcc20b1714864f67e85d
libtiff-debugsource-4.0.9-34.el8_10.s390x.rpm SHA-256: 64b1b465b99745c65a6fff5b6e787f0ee5fdcf44f7f583c2eba84e827d6e1674
libtiff-devel-4.0.9-34.el8_10.s390x.rpm SHA-256: e5606383c69c945ffe8bebcda08b7194a920ac1a986b89487551aea1186f3ab5
libtiff-tools-debuginfo-4.0.9-34.el8_10.s390x.rpm SHA-256: 6920cd02da2d784d2ece15244b44a6fd9ca080bafd1800f104ea60e2f873b81a

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libtiff-4.0.9-34.el8_10.src.rpm SHA-256: 84e1c107d528cfff29c0cf00f948b7d944f34bbca22b0163b9d42dc83f6c0778
ppc64le
libtiff-4.0.9-34.el8_10.ppc64le.rpm SHA-256: 8898664166c5f60675c7294dcee7579bb0cd2612abf09517455befd4294ba5fc
libtiff-debuginfo-4.0.9-34.el8_10.ppc64le.rpm SHA-256: 68689d55491da4fb4bdbd3817c9bbc51fdf06ea788c98654dd86edf692c8969e
libtiff-debugsource-4.0.9-34.el8_10.ppc64le.rpm SHA-256: 9a96b56accb7cea6f4499657fe6d93fff281a507c2c9e551a3e015ee090c4e63
libtiff-devel-4.0.9-34.el8_10.ppc64le.rpm SHA-256: 013cd953901c028b15925cd54be9981d2b2eefd5f4a8c3fa47a4c9bd89f8a273
libtiff-tools-debuginfo-4.0.9-34.el8_10.ppc64le.rpm SHA-256: 999572d272c5f70b2359e3e8e305d38515b23a5d351487ab0fb88bb25fe6617e

Red Hat Enterprise Linux for ARM 64 8

SRPM
libtiff-4.0.9-34.el8_10.src.rpm SHA-256: 84e1c107d528cfff29c0cf00f948b7d944f34bbca22b0163b9d42dc83f6c0778
aarch64
libtiff-4.0.9-34.el8_10.aarch64.rpm SHA-256: 49eca17f6107f74d152e85e86c3433d1311bc2e5aae60d077c43de96afc20ea1
libtiff-debuginfo-4.0.9-34.el8_10.aarch64.rpm SHA-256: 76f07fc9eb4f9a68cffab99275efe416a41541cdc462dbc57151e7ec4a0ad74b
libtiff-debugsource-4.0.9-34.el8_10.aarch64.rpm SHA-256: 7b2d0946f63b7e5d904b16a001b74eb35e7b94f1b360cc5d4168e7c08dfb7517
libtiff-devel-4.0.9-34.el8_10.aarch64.rpm SHA-256: 703c37b9d3c5d77e1a7bb723f045306049389c831d4d9281c48fe21950a6cf88
libtiff-tools-debuginfo-4.0.9-34.el8_10.aarch64.rpm SHA-256: bc34e2351be1ac18bc1422d5560a2b3a81a6078b65ab69fc8f0851a4daf59179

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
libtiff-debuginfo-4.0.9-34.el8_10.x86_64.rpm SHA-256: 30bc24c57545ffa9d7621122b98822c5f124f3dd129a7695c559b37867440e96
libtiff-debugsource-4.0.9-34.el8_10.x86_64.rpm SHA-256: 59673a0da1f8aa7728383a7d61a8eff91fc74fe3e22a83208f9a02c2934b198e
libtiff-tools-4.0.9-34.el8_10.x86_64.rpm SHA-256: d625c03d6da42407f3a8adea881c6b13a7df8b15bf43c3951e4733e8d1618d9a
libtiff-tools-debuginfo-4.0.9-34.el8_10.x86_64.rpm SHA-256: f35d7092c74e31eec314aa38982f67dce1a0f35d89ef725e102a39f157ce838b

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
libtiff-debuginfo-4.0.9-34.el8_10.ppc64le.rpm SHA-256: 68689d55491da4fb4bdbd3817c9bbc51fdf06ea788c98654dd86edf692c8969e
libtiff-debugsource-4.0.9-34.el8_10.ppc64le.rpm SHA-256: 9a96b56accb7cea6f4499657fe6d93fff281a507c2c9e551a3e015ee090c4e63
libtiff-tools-4.0.9-34.el8_10.ppc64le.rpm SHA-256: bae0a33d787033e75eb993488916b23adc82a76040712e84c30a186248414179
libtiff-tools-debuginfo-4.0.9-34.el8_10.ppc64le.rpm SHA-256: 999572d272c5f70b2359e3e8e305d38515b23a5d351487ab0fb88bb25fe6617e

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
libtiff-debuginfo-4.0.9-34.el8_10.aarch64.rpm SHA-256: 76f07fc9eb4f9a68cffab99275efe416a41541cdc462dbc57151e7ec4a0ad74b
libtiff-debugsource-4.0.9-34.el8_10.aarch64.rpm SHA-256: 7b2d0946f63b7e5d904b16a001b74eb35e7b94f1b360cc5d4168e7c08dfb7517
libtiff-tools-4.0.9-34.el8_10.aarch64.rpm SHA-256: d0b244e91a8c6868f40761d952f8de3c747e0b486149aece42cb9032aeb57ad8
libtiff-tools-debuginfo-4.0.9-34.el8_10.aarch64.rpm SHA-256: bc34e2351be1ac18bc1422d5560a2b3a81a6078b65ab69fc8f0851a4daf59179

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
libtiff-debuginfo-4.0.9-34.el8_10.s390x.rpm SHA-256: ae8269d973764e5776d4154001a89317c0dac36b4ad2fcc20b1714864f67e85d
libtiff-debugsource-4.0.9-34.el8_10.s390x.rpm SHA-256: 64b1b465b99745c65a6fff5b6e787f0ee5fdcf44f7f583c2eba84e827d6e1674
libtiff-tools-4.0.9-34.el8_10.s390x.rpm SHA-256: 8bdd37a13cab1c1540098e9c321477e1b90b1062e3673c74610858019c785b50
libtiff-tools-debuginfo-4.0.9-34.el8_10.s390x.rpm SHA-256: 6920cd02da2d784d2ece15244b44a6fd9ca080bafd1800f104ea60e2f873b81a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.