Fedora Linux 8758 Published by

New libtiff packages have been made available for Fedora 40 to resolve three security vulnerabilities:

[SECURITY] Fedora 40 Update: libtiff-4.6.0-5.fc40.1




[SECURITY] Fedora 40 Update: libtiff-4.6.0-5.fc40.1


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-9c84a7c963
2024-10-25 02:08:03.181957
--------------------------------------------------------------------------------

Name : libtiff
Product : Fedora 40
Version : 4.6.0
Release : 5.fc40.1
URL : http://www.simplesystems.org/libtiff/
Summary : Library of functions for manipulating TIFF format image files
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2024-7006 (rhbz#2302997)
fix CVE-2023-52356 (rhbz#2260112)
fix CVE-2023-6228 (rhbz#2251863)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 23 2024 Michal Hlavinka [mhlavink@redhat.com] - 4.6.0-5.1
- squash history to prevent upgrade-path issue
- fix CVE-2024-7006 (rhbz#2302997)
- fix CVE-2023-52356 (rhbz#2260112)
- fix CVE-2023-6228 (rhbz#2251863)
- revert previous change as per discussion in (#2292047)
* Tue Jul 30 2024 Michal Hlavinka [mhlavink@redhat.com] - 4.6.0-5
- do not carry over libtiff.so.5, it's .so.6 era already (#2292047)
* Mon Jul 22 2024 Michal Hlavinka [mhlavink@redhat.com] - 4.6.0-4
- use uname -m instead of -i for multilib check, as per PR#7
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 4.6.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-9c84a7c963' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--