Test ID:	1.3.6.1.4.1.25623.1.0.52820
Category:	Turbolinux Local Security Tests
Title:	Turbolinux TLSA-2005-4 (libtiff)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libtiff announced via advisory TLSA-2005-4. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. Multiple issues exist in libtiff: - Multiple vulnerabilities in libtiff's RLE (run length encoding) decoders - Vulnerability in tif_dirread.c - Multiple integer overflows - Integer overflow in tif_dirread.c and tif_fax3.c These vulnerabilities may allow remote attackers to execute arbitrary code via malformed TIFF image files. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-4 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0803 BugTraq ID: 11406 http://www.securityfocus.com/bid/11406 Bugtraq: 20041013 CESA-2004-006: libtiff (Google Search) http://marc.info/?l=bugtraq&m=109778785107450&w=2 CERT/CC vulnerability note: VU#948752 http://www.kb.cert.org/vuls/id/948752 Conectiva Linux advisory: CLA-2004:888 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 Debian Security Information: DSA-567 (Google Search) http://www.debian.org/security/2004/dsa-567 http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:109 http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 http://scary.beasts.org/security/CESA-2004-006.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896 http://www.redhat.com/support/errata/RHSA-2004-577.html http://www.redhat.com/support/errata/RHSA-2005-021.html http://www.redhat.com/support/errata/RHSA-2005-354.html http://secunia.com/advisories/12818 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 SuSE Security Announcement: SUSE-SA:2004:038 (Google Search) http://www.novell.com/linux/security/advisories/2004_38_libtiff.html XForce ISS Database: libtiff-library-decoding-bo(17703) https://exchange.xforce.ibmcloud.com/vulnerabilities/17703 Common Vulnerability Exposure (CVE) ID: CVE-2004-0804 CERT/CC vulnerability note: VU#555304 http://www.kb.cert.org/vuls/id/555304 http://bugzilla.remotesensing.org/show_bug.cgi?id=111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711 XForce ISS Database: libtiff-dos(17755) https://exchange.xforce.ibmcloud.com/vulnerabilities/17755 Common Vulnerability Exposure (CVE) ID: CVE-2004-0886 CERT/CC vulnerability note: VU#687568 http://www.kb.cert.org/vuls/id/687568 Computer Incident Advisory Center Bulletin: P-015 http://www.ciac.org/ciac/bulletins/p-015.shtml http://marc.info/?l=bugtraq&m=109779465621929&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907 http://securitytracker.com/id?1011674 http://www.trustix.org/errata/2004/0054/ XForce ISS Database: libtiff-bo(17715) https://exchange.xforce.ibmcloud.com/vulnerabilities/17715 Common Vulnerability Exposure (CVE) ID: CVE-2004-1183 BugTraq ID: 12173 http://www.securityfocus.com/bid/12173 Bugtraq: 20050106 [USN-54-1] TIFF library tool vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110503635113419&w=2 Conectiva Linux advisory: CLA-2005:920 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920 Debian Security Information: DSA-626 (Google Search) http://www.debian.org/security/2004/dsa-626 http://security.gentoo.org/glsa/glsa-200501-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:001 http://www.mandriva.com/security/advisories?name=MDKSA-2005:002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9743 http://www.redhat.com/support/errata/RHSA-2005-019.html http://www.redhat.com/support/errata/RHSA-2005-035.html http://secunia.com/advisories/13728/ http://secunia.com/advisories/13776 SuSE Security Announcement: SUSE-SA:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html XForce ISS Database: libtiff-tiffdump-bo(18782) https://exchange.xforce.ibmcloud.com/vulnerabilities/18782 Common Vulnerability Exposure (CVE) ID: CVE-2004-1308 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html Cert/CC Advisory: TA05-136A http://www.us-cert.gov/cas/techalerts/TA05-136A.html CERT/CC vulnerability note: VU#125598 http://www.kb.cert.org/vuls/id/125598 Debian Security Information: DSA-617 (Google Search) http://www.debian.org/security/2004/dsa-617 http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392 XForce ISS Database: libtiff-tiff-tdircount-bo(18637) https://exchange.xforce.ibmcloud.com/vulnerabilities/18637
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.