Test ID: | 1.3.6.1.4.1.25623.1.0.871133 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Update for libtiff RHSA-2014:0222-01 |
Summary: | The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory.

Vulnerability Insight: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

A flaw was found in the way libtiff handled OJPEG-encoded TIFF images. An attacker could use this flaw to create a specially crafted TIFF file that would cause an application using libtiff to crash. (CVE-2010-2596)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash. (CVE-2013-1961)

Red Hat would like to thank Emmanuel Bouillon of NCI Agency for reporting CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was discovered by Murray McAllister of the Red Hat Security Response Team, and the CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

All libtiff users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against libtiff must be restarted for this update to take effect.

4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at the references.

5. Bugs fixed: 610759 - CVE-2010-2596 libtiff: assertion failure on downsampled OJPEG file

Affected Software/OS: libtiff on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)

Solution: Please Install the Updated Packages.

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-2596
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://marc.info/?l=oss-security&m=127731610612908&w=2
http://secunia.com/advisories/40422
http://secunia.com/advisories/50726

Common Vulnerability Exposure (CVE) ID: CVE-2013-1960
BugTraq ID: 59609
http://www.securityfocus.com/bid/59609
Debian Security Information: DSA-2698
http://www.debian.org/security/2013/dsa-2698
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html
http://seclists.org/oss-sec/2013/q2/254
RedHat Security Advisories: RHSA-2014:0223
http://rhn.redhat.com/errata/RHSA-2014-0223.html
http://secunia.com/advisories/53237
http://secunia.com/advisories/53765
SuSE Security Announcement: openSUSE-SU-2013:0922
http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
SuSE Security Announcement: openSUSE-SU-2013:0944
http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html

Common Vulnerability Exposure (CVE) ID: CVE-2013-1961
BugTraq ID: 59607
http://www.securityfocus.com/bid/59607

Common Vulnerability Exposure (CVE) ID: CVE-2013-4231
BugTraq ID: 61695
http://www.securityfocus.com/bid/61695
Debian Security Information: DSA-2744
http://www.debian.org/security/2013/dsa-2744
http://www.openwall.com/lists/oss-security/2013/08/10/2
http://www.asmail.be/msg0055359936.html
http://secunia.com/advisories/54543
http://secunia.com/advisories/54628

Common Vulnerability Exposure (CVE) ID: CVE-2013-4232

Common Vulnerability Exposure (CVE) ID: CVE-2013-4243
BugTraq ID: 62082
http://www.securityfocus.com/bid/62082
https://security.gentoo.org/glsa/201701-16

Common Vulnerability Exposure (CVE) ID: CVE-2013-4244 |
Copyright | Copyright (C) 2014 Greenbone Networks GmbH |