Release Info

Advisory: CLSA-2025:1745531344

OS: AlmaLinux 9.2 ESU

Public date: 2025-04-24 21:49:07

Project: libtiff

Version: 4.4.0-8.el9_2.tuxcare.els4

Errata link: https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1745531344.html

Changelog

- CVE-2023-40745: prevent integer overflow on hostile images to avoid heap-based buffer overflow and potential code execution
- CVE-2023-41175: address integer overflows and bypass in raw2tiff.c to prevent heap-based buffer overflow and potential code execution

Update

Update command: dnf update libtiff*

Packages list

libtiff-4.4.0-8.el9_2.tuxcare.els4.i686.rpm
libtiff-4.4.0-8.el9_2.tuxcare.els4.x86_64.rpm
libtiff-devel-4.4.0-8.el9_2.tuxcare.els4.i686.rpm
libtiff-devel-4.4.0-8.el9_2.tuxcare.els4.x86_64.rpm
libtiff-static-4.4.0-8.el9_2.tuxcare.els4.x86_64.rpm
libtiff-tools-4.4.0-8.el9_2.tuxcare.els4.x86_64.rpm

CVEs

CVE-2023-52356
CVE-2023-26966
CVE-2023-41175
CVE-2023-40745
CVE-2023-26965