ALAS2022-2022-194

Related Vulnerabilities: CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-34526

Amazon Linux 2022 Security Advisory: ALAS-2022-194
Advisory Release Date: 2022-11-01 21:24 Pacific
Advisory Updated Date: 2022-11-03 20:57 Pacific
Severity: Medium

Issue Overview:

A divide-by-zero vulnerability was found in libtiff. This flaw allows an attacker to cause a denial of service via a crafted TIFF file. (CVE-2022-2056)

A divide-by-zero vulnerability was found in libtiff. This flaw allows an attacker to cause a denial of service via a crafted TIFF file. (CVE-2022-2057)

A divide-by-zero vulnerability was found in libtiff. This flaw allows an attacker to cause a denial of service via a crafted TIFF file. (CVE-2022-2058)

A stack overflow flaw was found in the _TIFFVGetField function of Tiffsplit. This vulnerability allows attackers to cause a denial of service (DoS) via a crafted TIFF file. (CVE-2022-34526)


Affected Packages:

libtiff


Issue Correction:
Run dnf update libtiff --releasever=2022.0.20221102 to update your system.

New Packages:
aarch64:
    libtiff-debugsource-4.4.0-4.amzn2022.0.1.aarch64
    libtiff-static-4.4.0-4.amzn2022.0.1.aarch64
    libtiff-debuginfo-4.4.0-4.amzn2022.0.1.aarch64
    libtiff-4.4.0-4.amzn2022.0.1.aarch64
    libtiff-devel-4.4.0-4.amzn2022.0.1.aarch64
    libtiff-tools-debuginfo-4.4.0-4.amzn2022.0.1.aarch64
    libtiff-tools-4.4.0-4.amzn2022.0.1.aarch64

i686:
    libtiff-debugsource-4.4.0-4.amzn2022.0.1.i686
    libtiff-static-4.4.0-4.amzn2022.0.1.i686
    libtiff-debuginfo-4.4.0-4.amzn2022.0.1.i686
    libtiff-devel-4.4.0-4.amzn2022.0.1.i686
    libtiff-tools-debuginfo-4.4.0-4.amzn2022.0.1.i686
    libtiff-tools-4.4.0-4.amzn2022.0.1.i686
    libtiff-4.4.0-4.amzn2022.0.1.i686

src:
    libtiff-4.4.0-4.amzn2022.0.1.src

x86_64:
    libtiff-debugsource-4.4.0-4.amzn2022.0.1.x86_64
    libtiff-static-4.4.0-4.amzn2022.0.1.x86_64
    libtiff-debuginfo-4.4.0-4.amzn2022.0.1.x86_64
    libtiff-4.4.0-4.amzn2022.0.1.x86_64
    libtiff-tools-debuginfo-4.4.0-4.amzn2022.0.1.x86_64
    libtiff-tools-4.4.0-4.amzn2022.0.1.x86_64
    libtiff-devel-4.4.0-4.amzn2022.0.1.x86_64