Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.880477
Category:CentOS Local Security Checks
Title:CentOS Update for libtiff CESA-2011:0318 centos4 i386
Summary:The remote host is missing an update for the 'libtiff'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'libtiff'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF Internet Fax image files, compressed with the CCITT Group 4
compression algorithm. An attacker could use this flaw to create a
specially-crafted TIFF file that, when opened, would cause an application
linked against libtiff to crash or, possibly, execute arbitrary code.
(CVE-2011-0192)

Red Hat would like to thank Apple Product Security for reporting this
issue.

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications linked
against libtiff must be restarted for this update to take effect.

Affected Software/OS:
libtiff on CentOS 4

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-0192
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
BugTraq ID: 46658
http://www.securityfocus.com/bid/46658
Debian Security Information: DSA-2210 (Google Search)
http://www.debian.org/security/2011/dsa-2210
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:043
http://www.redhat.com/support/errata/RHSA-2011-0318.html
http://www.securitytracker.com/id?1025153
http://secunia.com/advisories/43585
http://secunia.com/advisories/43593
http://secunia.com/advisories/43664
http://secunia.com/advisories/43934
http://secunia.com/advisories/44117
http://secunia.com/advisories/44135
http://secunia.com/advisories/50726
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0551
http://www.vupen.com/english/advisories/2011/0599
http://www.vupen.com/english/advisories/2011/0621
http://www.vupen.com/english/advisories/2011/0845
http://www.vupen.com/english/advisories/2011/0905
http://www.vupen.com/english/advisories/2011/0930
http://www.vupen.com/english/advisories/2011/0960
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.