Test ID: 1.3.6.1.4.1.25623.1.0.831361
Category: Mandrake Local Security Checks
Title: Mandriva Update for libtiff MDVSA-2011:064 (libtiff)
Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'libtiff'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Multiple vulnerabilities were discovered and corrected in libtiff:

Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a crafted
TIFF image with JPEG encoding (CVE-2011-0191).

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder
in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers
to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a
.tiff file that has an unexpected BitsPerSample value (CVE-2011-1167).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct these issues.

Affected Software/OS:
libtiff on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2011-0191
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
BugTraq ID: 46657
http://www.securityfocus.com/bid/46657
Debian Security Information: DSA-2210
http://www.debian.org/security/2011/dsa-2210
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
http://secunia.com/advisories/43934
SuSE Security Announcement: SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
SuSE Security Announcement: SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0845
http://www.vupen.com/english/advisories/2011/0859
Common Vulnerability Exposure (CVE) ID: CVE-2011-1167
1025257
http://www.securitytracker.com/id?1025257
20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/517101/100/0/threaded
43900
http://secunia.com/advisories/43900
43934
43974
http://secunia.com/advisories/43974
44117
http://secunia.com/advisories/44117
44135
http://secunia.com/advisories/44135
46951
http://www.securityfocus.com/bid/46951
50726
http://secunia.com/advisories/50726
71256
http://www.osvdb.org/71256
8165
http://securityreason.com/securityalert/8165
ADV-2011-0795
http://www.vupen.com/english/advisories/2011/0795
ADV-2011-0845
ADV-2011-0859
ADV-2011-0860
http://www.vupen.com/english/advisories/2011/0860
ADV-2011-0905
http://www.vupen.com/english/advisories/2011/0905
ADV-2011-0930
http://www.vupen.com/english/advisories/2011/0930
ADV-2011-0960
http://www.vupen.com/english/advisories/2011/0960
APPLE-SA-2012-02-01-1
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
APPLE-SA-2012-09-19-1
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
DSA-2210
FEDORA-2011-3827
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
FEDORA-2011-3836
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
GLSA-201209-02
http://security.gentoo.org/glsa/glsa-201209-02.xml
MDVSA-2011:064
RHSA-2011:0392
http://www.redhat.com/support/errata/RHSA-2011-0392.html
SSA:2011-098-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
SUSE-SR:2011:009
USN-1102-1
http://ubuntu.com/usn/usn-1102-1
http://blackberry.com/btsc/KB27244
http://bugzilla.maptools.org/show_bug.cgi?id=2300
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5503
http://www.zerodayinitiative.com/advisories/ZDI-11-107
https://bugzilla.redhat.com/show_bug.cgi?id=684939
libtiff-thundercode-decoder-bo(66247)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66247
Copyright: Copyright (C) 2011 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.