libtiff-4.0.9-36.el8_10

エラータID: AXSA:2025-11085:07

リリース日: 
2025/11/12 Wednesday - 14:56
題名: 
libtiff-4.0.9-36.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- libtiff には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-8176)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. libtiff-4.0.9-36.el8_10.src.rpm
    MD5: 64f888157169339caf9113fae5da4239
    SHA-256: 0f9b81db85f0bcdd4a9fcade7de35feb83f80c9b981989abe8091462fabcaa75
    Size: 2.28 MB

Asianux Server 8 for x86_64
  1. libtiff-4.0.9-36.el8_10.i686.rpm
    MD5: ac558f97f039eda679162b0862aefd4a
    SHA-256: 31fed375acf1fd0072e6dd83b7045618d6854aa0273b52d5bc6939a25f2c53d6
    Size: 204.41 kB
  2. libtiff-4.0.9-36.el8_10.x86_64.rpm
    MD5: 5bd1496e4c6ee0dc5e014e6f995dca93
    SHA-256: 48378adf2496f0c5098681b45982fb9c07422eca15196348b8062ed6eaaa998a
    Size: 189.76 kB
  3. libtiff-devel-4.0.9-36.el8_10.i686.rpm
    MD5: 019b30ce91ace6f7434074d8ed413651
    SHA-256: ea949aaab2e878cec4ded7c3cfa7d9cf6ba09f14a7727e87509d04cb994b3b09
    Size: 512.29 kB
  4. libtiff-devel-4.0.9-36.el8_10.x86_64.rpm
    MD5: 51b12254b2cfa8e933cb606cf123c285
    SHA-256: 476797952657deb84c3c19b5e6704131180605612b4c83287324b25501f4323f
    Size: 512.28 kB
  5. libtiff-tools-4.0.9-36.el8_10.x86_64.rpm
    MD5: 9ee006f81f7901526f615f5f96d2925b
    SHA-256: 0d154a856af55e892cf75a3fbe6110b7518bf88b75356818a05bbc59a8f79523
    Size: 256.02 kB