-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: libtiff security update
Advisory ID:       RHSA-2023:3827-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3827
Issue date:        2023-06-27
CVE Names:         CVE-2022-48281 
====================================================================
1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Security Fix(es):

* libtiff: heap-based buffer overflow in processCropSelections() in
tools/tiffcrop.c (CVE-2022-48281)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this
update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2163606 - CVE-2022-48281 libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
libtiff-4.0.9-28.el8_8.src.rpm

aarch64:
libtiff-4.0.9-28.el8_8.aarch64.rpm
libtiff-debuginfo-4.0.9-28.el8_8.aarch64.rpm
libtiff-debugsource-4.0.9-28.el8_8.aarch64.rpm
libtiff-devel-4.0.9-28.el8_8.aarch64.rpm
libtiff-tools-debuginfo-4.0.9-28.el8_8.aarch64.rpm

ppc64le:
libtiff-4.0.9-28.el8_8.ppc64le.rpm
libtiff-debuginfo-4.0.9-28.el8_8.ppc64le.rpm
libtiff-debugsource-4.0.9-28.el8_8.ppc64le.rpm
libtiff-devel-4.0.9-28.el8_8.ppc64le.rpm
libtiff-tools-debuginfo-4.0.9-28.el8_8.ppc64le.rpm

s390x:
libtiff-4.0.9-28.el8_8.s390x.rpm
libtiff-debuginfo-4.0.9-28.el8_8.s390x.rpm
libtiff-debugsource-4.0.9-28.el8_8.s390x.rpm
libtiff-devel-4.0.9-28.el8_8.s390x.rpm
libtiff-tools-debuginfo-4.0.9-28.el8_8.s390x.rpm

x86_64:
libtiff-4.0.9-28.el8_8.i686.rpm
libtiff-4.0.9-28.el8_8.x86_64.rpm
libtiff-debuginfo-4.0.9-28.el8_8.i686.rpm
libtiff-debuginfo-4.0.9-28.el8_8.x86_64.rpm
libtiff-debugsource-4.0.9-28.el8_8.i686.rpm
libtiff-debugsource-4.0.9-28.el8_8.x86_64.rpm
libtiff-devel-4.0.9-28.el8_8.i686.rpm
libtiff-devel-4.0.9-28.el8_8.x86_64.rpm
libtiff-tools-debuginfo-4.0.9-28.el8_8.i686.rpm
libtiff-tools-debuginfo-4.0.9-28.el8_8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:
libtiff-debuginfo-4.0.9-28.el8_8.aarch64.rpm
libtiff-debugsource-4.0.9-28.el8_8.aarch64.rpm
libtiff-tools-4.0.9-28.el8_8.aarch64.rpm
libtiff-tools-debuginfo-4.0.9-28.el8_8.aarch64.rpm

ppc64le:
libtiff-debuginfo-4.0.9-28.el8_8.ppc64le.rpm
libtiff-debugsource-4.0.9-28.el8_8.ppc64le.rpm
libtiff-tools-4.0.9-28.el8_8.ppc64le.rpm
libtiff-tools-debuginfo-4.0.9-28.el8_8.ppc64le.rpm

s390x:
libtiff-debuginfo-4.0.9-28.el8_8.s390x.rpm
libtiff-debugsource-4.0.9-28.el8_8.s390x.rpm
libtiff-tools-4.0.9-28.el8_8.s390x.rpm
libtiff-tools-debuginfo-4.0.9-28.el8_8.s390x.rpm

x86_64:
libtiff-debuginfo-4.0.9-28.el8_8.x86_64.rpm
libtiff-debugsource-4.0.9-28.el8_8.x86_64.rpm
libtiff-tools-4.0.9-28.el8_8.x86_64.rpm
libtiff-tools-debuginfo-4.0.9-28.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-48281
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZJsFX9zjgjWX9erEAQisbA//US4QEisUA8oT1J/PP3yAnSZJzM9N1JiI
i8Oim1Jundgf1Hs3nCooyp+eGutt6zOnMMYq9D3hSP1oJmSkgr424Pqv8YVcD3BJ
mZ5QEQpAptQuaM3xzUQoG1V8lB9ELY8I8YejYUW6HHUNjPL/dIaYpvm+/c/IG4F4
wCJ6lM3xEsDyP4n2tU1ebjvT2tkQ/f+KYgUk9GbDznN9GxbpBhVNr+b6lDk0ctYJ
+0/MkctLAGIg5or21Nkc/3mekshuGZRRbPx04HKWaQxh2od7Q/2szM13UrIqEUXn
UGDGQKSSz1OKePl9Xk4tk8CcIFtcKC7jdd+CTLEHdI0dLre7snDXYmT/7MeHZpXb
KYdmcu0Fd7NWOhUZLByTsxWn7R5iDvau6stnzHXL3t2bpEjMmmtvVF94OvYiUKPu
+1Z0XUrfPHUijChX1/KWDFkKj8ICp4KAFdpJZl9MidDSLDfmA4JHDFdAoOgvTLrN
PVnRIQKDrjaBvM7QDGh0NTxr8nOWXhMjuFWJsrq1fRkRalHRVCXXyH1UbH4bd5ad
nlLCV2BOHs9PvUuUGHcQykBCpYRtuJnqeTyxmLGEwUX9NgBRsUm9rB2oOhKhvYle
tMOqZrnZZXoc5PDx70ha5Eud+yNrhSnD9UaUzVkt0wiUTB6sGIEtJ+wcHz6StTxa
/aXH4axTr3E=eBG6
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-3827:01 Moderate: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 8

Summary

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c (CVE-2022-48281)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Summary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running applications linked against libtiff must be restarted for this update to take effect.

References

https://access.redhat.com/security/cve/CVE-2022-48281 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: libtiff-4.0.9-28.el8_8.src.rpm
aarch64: libtiff-4.0.9-28.el8_8.aarch64.rpm libtiff-debuginfo-4.0.9-28.el8_8.aarch64.rpm libtiff-debugsource-4.0.9-28.el8_8.aarch64.rpm libtiff-devel-4.0.9-28.el8_8.aarch64.rpm libtiff-tools-debuginfo-4.0.9-28.el8_8.aarch64.rpm
ppc64le: libtiff-4.0.9-28.el8_8.ppc64le.rpm libtiff-debuginfo-4.0.9-28.el8_8.ppc64le.rpm libtiff-debugsource-4.0.9-28.el8_8.ppc64le.rpm libtiff-devel-4.0.9-28.el8_8.ppc64le.rpm libtiff-tools-debuginfo-4.0.9-28.el8_8.ppc64le.rpm
s390x: libtiff-4.0.9-28.el8_8.s390x.rpm libtiff-debuginfo-4.0.9-28.el8_8.s390x.rpm libtiff-debugsource-4.0.9-28.el8_8.s390x.rpm libtiff-devel-4.0.9-28.el8_8.s390x.rpm libtiff-tools-debuginfo-4.0.9-28.el8_8.s390x.rpm
x86_64: libtiff-4.0.9-28.el8_8.i686.rpm libtiff-4.0.9-28.el8_8.x86_64.rpm libtiff-debuginfo-4.0.9-28.el8_8.i686.rpm libtiff-debuginfo-4.0.9-28.el8_8.x86_64.rpm libtiff-debugsource-4.0.9-28.el8_8.i686.rpm libtiff-debugsource-4.0.9-28.el8_8.x86_64.rpm libtiff-devel-4.0.9-28.el8_8.i686.rpm libtiff-devel-4.0.9-28.el8_8.x86_64.rpm libtiff-tools-debuginfo-4.0.9-28.el8_8.i686.rpm libtiff-tools-debuginfo-4.0.9-28.el8_8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64: libtiff-debuginfo-4.0.9-28.el8_8.aarch64.rpm libtiff-debugsource-4.0.9-28.el8_8.aarch64.rpm libtiff-tools-4.0.9-28.el8_8.aarch64.rpm libtiff-tools-debuginfo-4.0.9-28.el8_8.aarch64.rpm
ppc64le: libtiff-debuginfo-4.0.9-28.el8_8.ppc64le.rpm libtiff-debugsource-4.0.9-28.el8_8.ppc64le.rpm libtiff-tools-4.0.9-28.el8_8.ppc64le.rpm libtiff-tools-debuginfo-4.0.9-28.el8_8.ppc64le.rpm
s390x: libtiff-debuginfo-4.0.9-28.el8_8.s390x.rpm libtiff-debugsource-4.0.9-28.el8_8.s390x.rpm libtiff-tools-4.0.9-28.el8_8.s390x.rpm libtiff-tools-debuginfo-4.0.9-28.el8_8.s390x.rpm
x86_64: libtiff-debuginfo-4.0.9-28.el8_8.x86_64.rpm libtiff-debugsource-4.0.9-28.el8_8.x86_64.rpm libtiff-tools-4.0.9-28.el8_8.x86_64.rpm libtiff-tools-debuginfo-4.0.9-28.el8_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity

Advisory ID: RHSA-2023:3827-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2023:3827

Issued Date: : 2023-06-27

CVE Names: CVE-2022-48281

Topic

An update for libtiff is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

2163606 - CVE-2022-48281 libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c

Related News

Fighting Back Against Hadooken Malware by Strengthening WebLogic Security

Fighting Back Against Hadooken Malware by Strengthening WebLogic Security

2 - 4 min read

Sep 16, 2024

Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is

CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?

CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?

3 - 5 min read

Sep 15, 2024

CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three

Defending Against Remote Code Execution in Google Chrome: A Critical Update

Defending Against Remote Code Execution in Google Chrome: A Critical Update

2 - 3 min read

Sep 15, 2024

Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe

Navigating the Linux Kernel

Navigating the Linux Kernel's Latest DMA Security Vulnerability

2 - 4 min read

Sep 10, 2024

The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant

Staying a Step Ahead of Adversaries: Mitigating Chromium

Staying a Step Ahead of Adversaries: Mitigating Chromium's Security Flaws on Linux

2 - 4 min read

Sep 04, 2024

Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium

Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware

Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware

2 - 4 min read

Sep 03, 2024

Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called

Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures

Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures

3 - 6 min read

Sep 02, 2024

Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

8 Expert-Recommended Security Practices to Fortify Your Linux Systems

8 Expert-Recommended Security Practices to Fortify Your Linux Systems

4 - 8 min read

Aug 30, 2024

As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved