The following is key information about the vulnerability:

RHSA-2025:21407 - Security Advisory

- Synopsis: Important: libtiff security update
- Type/Severity: Security Advisory: Important
- Topic: An update for libtiff is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
- Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. The security fix addresses the following vulnerabilities:
  - LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)
  - LibTIFF Buffer Overflow (CVE-2025-8177)
  - LibTIFF Write-What-Where (CVE-2025-9900)
- Solution: For details on how to apply this update, refer to the provided link.
- Affected Products:
  - Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  - Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  - Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  - Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
- Fixes:
  - BZ - 2383598 - CVE-2025-8176 libtiff: LibTIFF Use-After-Free Vulnerability
  - BZ - 2383608 - CVE-2025-8177 libtiff: LibTIFF Buffer Overflow
  - BZ - 2392784 - CVE-2025-9900 libtiff: Libtiff Write-What-Where
- CVEs:
  - CVE-2025-8176
  - CVE-2025-8177
  - CVE-2025-9900
- References:
  - Red Hat Security Updates Classification