Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202210-10 ] LibTIFF: Multiple Vulnerabilities
Date: Mon, 31 Oct 2022 02:06:25
Message-Id: 166717852029.9.10944068435576565767@90bb6a0775af
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202210-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: LibTIFF: Multiple Vulnerabilities
     Date: October 31, 2022
     Bugs: #830981, #837560
       ID: 202210-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in LibTIFF, the worst of which
could result in denial of service.

Background
==========

LibTIFF provides support for reading and manipulating TIFF (Tagged Image
File Format) images.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/tiff              < 4.4.0                    >= 4.4.0

Description
===========

Multiple vulnerabilities have been discovered in LibTIFF. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All LibTIFF users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.4.0"

References
==========

[ 1 ] CVE-2022-0561
      https://nvd.nist.gov/vuln/detail/CVE-2022-0561
[ 2 ] CVE-2022-0562
      https://nvd.nist.gov/vuln/detail/CVE-2022-0562
[ 3 ] CVE-2022-0865
      https://nvd.nist.gov/vuln/detail/CVE-2022-0865
[ 4 ] CVE-2022-0891
      https://nvd.nist.gov/vuln/detail/CVE-2022-0891
[ 5 ] CVE-2022-0907
      https://nvd.nist.gov/vuln/detail/CVE-2022-0907
[ 6 ] CVE-2022-0908
      https://nvd.nist.gov/vuln/detail/CVE-2022-0908
[ 7 ] CVE-2022-0909
      https://nvd.nist.gov/vuln/detail/CVE-2022-0909
[ 8 ] CVE-2022-0924
      https://nvd.nist.gov/vuln/detail/CVE-2022-0924
[ 9 ] CVE-2022-1056
      https://nvd.nist.gov/vuln/detail/CVE-2022-1056
[ 10 ] CVE-2022-1210
      https://nvd.nist.gov/vuln/detail/CVE-2022-1210
[ 11 ] CVE-2022-1354
      https://nvd.nist.gov/vuln/detail/CVE-2022-1354
[ 12 ] CVE-2022-1355
      https://nvd.nist.gov/vuln/detail/CVE-2022-1355
[ 13 ] CVE-2022-1622
      https://nvd.nist.gov/vuln/detail/CVE-2022-1622
[ 14 ] CVE-2022-1623
      https://nvd.nist.gov/vuln/detail/CVE-2022-1623
[ 15 ] CVE-2022-22844
      https://nvd.nist.gov/vuln/detail/CVE-2022-22844

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202210-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature