An update for libtiff is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2022-1551
Status: Final
Version: 1.0
Revision history: 1.0, 2022-03-07, Initial
Initial release date: 2022-03-07
Current release date: 2022-03-07
Generator: openEuler SA Tool V1.0, 2022-03-07

Synopsis: libtiff security update

Description: TIFF Library and Utilities.

Security Fix(es):

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. (CVE-2022-0562)

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. (CVE-2022-0561)

openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: Medium
Affected component: libtiff

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1551
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0562
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0561
https://nvd.nist.gov/vuln/detail/CVE-2022-0562
https://nvd.nist.gov/vuln/detail/CVE-2022-0561

Products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3

Packages:
aarch64:
libtiff-4.1.0-4.oe1.aarch64.rpm
libtiff-devel-4.1.0-4.oe1.aarch64.rpm
libtiff-debuginfo-4.1.0-4.oe1.aarch64.rpm
libtiff-debugsource-4.1.0-4.oe1.aarch64.rpm
noarch:
libtiff-help-4.1.0-4.oe1.noarch.rpm
src:
libtiff-4.1.0-4.oe1.src.rpm
x86_64:
libtiff-4.1.0-4.oe1.x86_64.rpm
libtiff-devel-4.1.0-4.oe1.x86_64.rpm
libtiff-debuginfo-4.1.0-4.oe1.x86_64.rpm
libtiff-debugsource-4.1.0-4.oe1.x86_64.rpm

Vulnerability description: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Release date: 2022-03-07
CVE: CVE-2022-0562
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Severity: Medium
CVSS base score: 5.5
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Remediation: libtiff security update, 2022-03-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1551

Vulnerability description: Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
Release date: 2022-03-07
CVE: CVE-2022-0561
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Severity: Medium
CVSS base score: 5.5
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Remediation: libtiff security update, 2022-03-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1551