libtiff-4.0.9-27.el8
エラータID: AXSA:2023-5569:04
リリース日:
2023/05/26 Friday - 11:53
題名:
libtiff-4.0.9-27.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- LibTIFF の libtiff/tif_unix.c の _TIFFmemcpy 関数には、
extractImageSection 関数から呼び出された場合に境界外書き込みが
発生する問題があるため、リモートの攻撃者により、巧妙に細工された
tiff ファイルを介して、サービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2022-3627)
- LibTIFF の libtiff/tif_getimage.c の TIFFReadRGBATileExt 関数
には、整数オーバーフローが発生する問題が存在します。
(CVE-2022-3970)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-3627
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
CVE-2022-3970
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- libtiff-4.0.9-27.el8.src.rpm
MD5: eb369086804bf31f59e0f5b5525ec2e6
SHA-256: c59ed0cd4b32b20396ef51d4294c3cd9c8fd20f60de3610e88423ad16b665ef4
Size: 2.27 MB
Asianux Server 8 for x86_64
- libtiff-4.0.9-27.el8.i686.rpm
MD5: 840f3bacb16d7bfbfadfdfc401b390d2
SHA-256: 688f07aed52027eb9a4fb6fa351a1841b1de17f2726975b1b53c623e2397b4a8
Size: 202.61 kB - libtiff-4.0.9-27.el8.x86_64.rpm
MD5: 953acec6b8d5edc92a988c9841a3a16e
SHA-256: 86b1c0751ec674200bc587da61a61e0418cafb399c366bb3919ed2590cd95d82
Size: 187.93 kB - libtiff-devel-4.0.9-27.el8.i686.rpm
MD5: 4102f6b2ede429e77c35cb19e95f36af
SHA-256: b8defd615e1d2aa152ceac1b4b40ea22469147efd25549cba2916e4db8ee843d
Size: 511.01 kB - libtiff-devel-4.0.9-27.el8.x86_64.rpm
MD5: e2c33873c3ef7c32528160d9a97845fd
SHA-256: 708fed19ed4813037e4d18abd77c668a357557c1facc64f3d2bbbe44996dd6c8
Size: 510.99 kB - libtiff-tools-4.0.9-27.el8.x86_64.rpm
MD5: acb32fac2385f2a55d9b13f7c45be038
SHA-256: 01bb07226b019b6f3c06a6db7d95519fc5e6522a3e73d2c3bc4a1434e5ade0a5
Size: 254.04 kB
English