Oval Definition:oval:com.redhat.rhsa:def:20230302
Revision Date:2023-01-23Version:635
Title:RHSA-2023:0302: libtiff security update (Moderate)
Description:The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)

  • libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)

  • libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)

  • libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)

  • libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2022-2056
    CVE-2022-2057
    CVE-2022-2058
    CVE-2022-2519
    CVE-2022-2520
    CVE-2022-2521
    CVE-2022-2953
    RHSA-2023:0302
    Platform(s):Red Hat Enterprise Linux 9
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 9 is installed
  • AND
  • libtiff is earlier than 0:4.4.0-5.el9_1
  • AND libtiff is signed with Red Hat redhatrelease2 key
  • libtiff-devel is earlier than 0:4.4.0-5.el9_1
  • AND libtiff-devel is signed with Red Hat redhatrelease2 key
  • libtiff-tools is earlier than 0:4.4.0-5.el9_1
  • AND libtiff-tools is signed with Red Hat redhatrelease2 key
    • BACK