Description: The remote host is missing an update to libtiff announced via advisory FEDORA-2011-5336.
Update Information:
Update to libtiff 3.9.5, incorporating all our previous patches plus other fixes, notably the fix for CVE-2009-5022
Fix incorrect fix for CVE-2011-0192
Add fix for CVE-2011-1167
Fix buffer overrun in fax decoding (CVE-2011-0192) as well as a non-security-critical crash in gif2tiff.
References:
[ 1 ] Bug #695885 - CVE-2009-5022 libtiff ojpeg buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=695885
[ 2 ] Bug #695887 - CVE-2010-4665 libtiff tiffdump integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=695887
[ 3 ] Bug #684939 - CVE-2011-1167 libtiff: heap-based buffer overflow in thunder decoder (ZDI-11-107) https://bugzilla.redhat.com/show_bug.cgi?id=684939
[ 4 ] Bug #678635 - CVE-2011-0192 libtiff: buffer overflow in Fax4Decode https://bugzilla.redhat.com/show_bug.cgi?id=678635
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update libtiff' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2011-5336
Risk factor : Critical
CVSS Score: 9.3