Explore top 10 tips to secure your open-source projects now. Read More
×
updated to 4.7.2, fixes security issues. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-cfbf964c2e 2026-07-18 00:26:14.273082+00:00 -------------------------------------------------------------------------------- Name : libtiff Product : Fedora 44 Version : 4.7.2 Release : 1.fc44 URL : http://www.simplesystems.org/libtiff/ Summary : Library of functions for manipulating TIFF format image files Description : The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. -------------------------------------------------------------------------------- Update Information: updated to 4.7.2, fixes security issues -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 13 2026 Michal Hlavinka - 4.7.2-1 - updated to 4.7.2 (#2496751) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2450771 - CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2450771 [ 2 ] Bug #2494140 - CVE-2026-12912 libtiff: libtiff: Heap-based buffer overflow via crafted PixarLog-compressed TIFF image [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494140 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cfbf964c2e' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19150 http://linux.oracle.com/errata/ELSA-2026-19150.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: libtiff-4.6.0-8.el10_2.1.x86_64.rpm libtiff-devel-4.6.0-8.el10_2.1.x86_64.rpm libtiff-tools-4.6.0-8.el10_2.1.x86_64.rpm aarch64: libtiff-4.6.0-8.el10_2.1.aarch64.rpm libtiff-devel-4.6.0-8.el10_2.1.aarch64.rpm libtiff-tools-4.6.0-8.el10_2.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/libtiff-4.6.0-8.el10_2.1.src.rpm Related CVEs: CVE-2026-4775 Description of changes: [4.6.0-8.1] - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159310) _______________________________________________ El-errata mailing list
Security update. Publication date: 13 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0246.html Type: security Affected Mageia releases: 10 CVE: CVE-2026-36849 Description: The updated packages fix a security vulnerability: Denial of Service via large SamplesPerPixel tag. (CVE-2026-36849) References: - https://bugs.mageia.org/show_bug.cgi?id=35718 - https://www.openwall.com/lists/oss-security/2026/06/17/1 - https://gitlab.com/libtiff/libtiff/-/work_items/781 - https://www.cve.org/CVERecord?id=CVE-2026-36849 SRPMS: - 10/core/libtiff-4.7.2-1.mga10 . A security update in Mageia addresses the denial of service risk found in libtiff due to a large SamplesPerPixel tag.. Mageia Security Update, libtiff Denial of Service, CVE-2026-36849 Issue. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19363 http://linux.oracle.com/errata/ELSA-2026-19363.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libtiff-4.4.0-18.el9_8.i686.rpm libtiff-4.4.0-18.el9_8.x86_64.rpm libtiff-devel-4.4.0-18.el9_8.i686.rpm libtiff-devel-4.4.0-18.el9_8.x86_64.rpm libtiff-tools-4.4.0-18.el9_8.x86_64.rpm aarch64: libtiff-4.4.0-18.el9_8.aarch64.rpm libtiff-devel-4.4.0-18.el9_8.aarch64.rpm libtiff-tools-4.4.0-18.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/libtiff-4.4.0-18.el9_8.src.rpm Related CVEs: CVE-2026-4775 Description of changes: [4.4.0-18] - rebuild [4.4.0-15.3] - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159331) _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-16055 http://linux.oracle.com/errata/ELSA-2026-16055.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libtiff-4.0.9-37.el8_10.i686.rpm libtiff-4.0.9-37.el8_10.x86_64.rpm libtiff-devel-4.0.9-37.el8_10.i686.rpm libtiff-devel-4.0.9-37.el8_10.x86_64.rpm libtiff-tools-4.0.9-37.el8_10.x86_64.rpm aarch64: libtiff-4.0.9-37.el8_10.aarch64.rpm libtiff-devel-4.0.9-37.el8_10.aarch64.rpm libtiff-tools-4.0.9-37.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libtiff-4.0.9-37.el8_10.src.rpm Related CVEs: CVE-2026-4775 Description of changes: [4.0.9-37] - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159316) _______________________________________________ El-errata mailing list
Important: libtiff security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:16055", "synopsis": "Important: libtiff security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libtiff.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2450768", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768", "description": ""}], "cves": [{"name": "CVE-2026-4775", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-05-13T06:00:58.478905Z", "rpms": {"Rocky Linux 8": {"nvras": ["libtiff-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-0:4.0.9-37.el8_10.i686.rpm", "libtiff-0:4.0.9-37.el8_10.src.rpm", "libtiff-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-debuginfo-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-debuginfo-0:4.0.9-37.el8_10.i686.rpm", "libtiff-debuginfo-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-debugsource-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-debugsource-0:4.0.9-37.el8_10.i686.rpm", "libtiff-debugsource-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-devel-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-devel-0:4.0.9-37.el8_10.i686.rpm","libtiff-devel-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-tools-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-tools-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-tools-debuginfo-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-tools-debuginfo-0:4.0.9-37.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux 8 libtiff security update released for important issues, addressing arbitrary code execution and DoS threats.. libtiff security update, Rocky Linux 8 advisory, important security fixes. . Severity: Important. LinuxSecurity.com Team
MGASA-2026-0114 - Updated libtiff packages fix security vulnerability. MGASA-2026-0114 - Updated libtiff packages fix security vulnerability Publication date: 07 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0114.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-4775 Description: Arbitrary code execution or denial of service via signed integer overflow in tiff file processing. (CVE-2026-4775) References: - https://bugs.mageia.org/show_bug.cgi?id=35340 - https://lwn.net/Articles/1066930/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775 SRPMS: - 9/core/libtiff-4.5.1-1.8.mga9 . Arbitrary code execution or denial of service vulnerability fixed in Mageia 9 libtiff update. Enhanced security measures.. Mageia Security Update, LibTiff Advisory, Denial of Service Mageia, Code Execution Vulnerability, Mageia 9 Fix. . Severity: Important. LinuxSecurity.com Team
Important: libtiff security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:12265", "synopsis": "Important: libtiff security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libtiff.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2450768", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768", "description": ""}], "cves": [{"name": "CVE-2026-4775", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-05-01T12:06:42.394267Z", "rpms": {"Rocky Linux 10": {"nvras": ["libtiff-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-debugsource-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-tools-debuginfo-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-devel-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-tools-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-tools-debuginfo-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-tools-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-tools-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-devel-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-tools-debuginfo-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-0:4.6.0-6.el10_1.3.src.rpm","libtiff-tools-debuginfo-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-debuginfo-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-debugsource-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-debuginfo-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-debuginfo-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-tools-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-debugsource-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-debuginfo-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-devel-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-debugsource-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-devel-0:4.6.0-6.el10_1.3.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update on Rocky Linux 10 libtiff impacting security with denial of service potential. Important fix needed.. Rocky Linux libtiff security update, denial of service exploit, important security patch. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.