Test ID: | 1.3.6.1.4.1.25623.1.0.831715 |
Category: | Mandrake Local Security Checks |
Title: | Mandriva Update for libtiff MDVSA-2012:127 (libtiff) |
Summary: | The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory.

Vulnerability Insight: A vulnerability was found and corrected in libtiff. A heap-based buffer overflow flaw was found in the way tiff2pdf, the TIFF image to PDF document conversion tool of libtiff (a library of functions for manipulating TIFF (Tagged Image File Format) image files), wrote TIFF image content into a PDF document file when tiff2pdf, the application requesting the conversion, passed an improperly initialized T2P context struct pointer as one of the parameters to the routine performing the write. A remote attacker could provide a specially crafted TIFF image file that, when processed by tiff2pdf, would lead to a crash of the tiff2pdf executable or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary (CVE-2012-3401). The updated packages have been patched to correct this issue.

Affected Software/OS: libtiff on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2

Solution: Please install the updated packages.

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3401
49938 http://secunia.com/advisories/49938
50007 http://secunia.com/advisories/50007
50726 http://secunia.com/advisories/50726
54601 http://www.securityfocus.com/bid/54601
84090 http://osvdb.org/84090
DSA-2552 http://www.debian.org/security/2012/dsa-2552
GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml
MDVSA-2012:127 http://www.mandriva.com/security/advisories?name=MDVSA-2012:127
RHSA-2012:1590 http://rhn.redhat.com/errata/RHSA-2012-1590.html
USN-1511-1 http://www.ubuntu.com/usn/USN-1511-1
[oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer http://www.openwall.com/lists/oss-security/2012/07/19/4
[oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer http://www.openwall.com/lists/oss-security/2012/07/19/1
http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.redhat.com/attachment.cgi?id=596457
https://bugzilla.redhat.com/show_bug.cgi?id=837577
libtiff-t2preadtiffinit-bo(77088) https://exchange.xforce.ibmcloud.com/vulnerabilities/77088
openSUSE-SU-2012:0955 http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html |
Copyright | Copyright (C) 2012 Greenbone AG |