Test Kennung:	1.3.6.1.4.1.25623.1.0.831750
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Update for libtiff MDVSA-2012:174 (libtiff)
Zusammenfassung:	The remote host is missing an update for the 'libtiff'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities was found and corrected in libtiff: Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format (CVE-2012-4447). ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow (CVE-2012-4564). The updated packages have been patched to correct these issues. Affected Software/OS: libtiff on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4447 49938 http://secunia.com/advisories/49938 51049 http://secunia.com/advisories/51049 55673 http://www.securityfocus.com/bid/55673 DSA-2561 http://www.debian.org/security/2012/dsa-2561 RHSA-2012:1590 http://rhn.redhat.com/errata/RHSA-2012-1590.html USN-1631-1 http://www.ubuntu.com/usn/USN-1631-1 [oss-security] 20120925 CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression http://www.openwall.com/lists/oss-security/2012/09/25/9 [oss-security] 20120925 Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression http://www.openwall.com/lists/oss-security/2012/09/25/14 http://www.remotesensing.org/libtiff/v4.0.3.html https://bugzilla.redhat.com/show_bug.cgi?id=860198 openSUSE-SU-2013:0187 http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html Common Vulnerability Exposure (CVE) ID: CVE-2012-4564 51133 http://secunia.com/advisories/51133 56372 http://www.securityfocus.com/bid/56372 86878 http://www.osvdb.org/86878 DSA-2575 http://www.debian.org/security/2012/dsa-2575 [oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file http://www.openwall.com/lists/oss-security/2012/11/02/7 [oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file http://www.openwall.com/lists/oss-security/2012/11/02/3 https://bugzilla.redhat.com/show_bug.cgi?id=871700 libtiff-ppm2tiff-bo(79750) https://exchange.xforce.ibmcloud.com/vulnerabilities/79750
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.