ID de Prueba:	1.3.6.1.4.1.25623.1.0.120176
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-147)
Resumen:	The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-147 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-147 advisory. Vulnerability Insight: A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4447) A stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-5581) A heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-3401) A missing return value check flaw, leading to a heap-based buffer overflow, was found in the ppm2tiff tool. An attacker could use this flaw to create a specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to crash or, possibly, execute arbitrary code. (CVE-2012-4564) Affected Software/OS: 'libtiff' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3401 49938 http://secunia.com/advisories/49938 50007 http://secunia.com/advisories/50007 50726 http://secunia.com/advisories/50726 54601 http://www.securityfocus.com/bid/54601 84090 http://osvdb.org/84090 DSA-2552 http://www.debian.org/security/2012/dsa-2552 GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2012:127 http://www.mandriva.com/security/advisories?name=MDVSA-2012:127 RHSA-2012:1590 http://rhn.redhat.com/errata/RHSA-2012-1590.html USN-1511-1 http://www.ubuntu.com/usn/USN-1511-1 [oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer http://www.openwall.com/lists/oss-security/2012/07/19/4 [oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer http://www.openwall.com/lists/oss-security/2012/07/19/1 http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://bugzilla.redhat.com/attachment.cgi?id=596457 https://bugzilla.redhat.com/show_bug.cgi?id=837577 libtiff-t2preadtiffinit-bo(77088) https://exchange.xforce.ibmcloud.com/vulnerabilities/77088 openSUSE-SU-2012:0955 http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2012-4447 51049 http://secunia.com/advisories/51049 55673 http://www.securityfocus.com/bid/55673 DSA-2561 http://www.debian.org/security/2012/dsa-2561 USN-1631-1 http://www.ubuntu.com/usn/USN-1631-1 [oss-security] 20120925 CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression http://www.openwall.com/lists/oss-security/2012/09/25/9 [oss-security] 20120925 Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression http://www.openwall.com/lists/oss-security/2012/09/25/14 http://www.remotesensing.org/libtiff/v4.0.3.html https://bugzilla.redhat.com/show_bug.cgi?id=860198 openSUSE-SU-2013:0187 http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html Common Vulnerability Exposure (CVE) ID: CVE-2012-4564 51133 http://secunia.com/advisories/51133 56372 http://www.securityfocus.com/bid/56372 86878 http://www.osvdb.org/86878 DSA-2575 http://www.debian.org/security/2012/dsa-2575 [oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file http://www.openwall.com/lists/oss-security/2012/11/02/7 [oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file http://www.openwall.com/lists/oss-security/2012/11/02/3 https://bugzilla.redhat.com/show_bug.cgi?id=871700 libtiff-ppm2tiff-bo(79750) https://exchange.xforce.ibmcloud.com/vulnerabilities/79750 Common Vulnerability Exposure (CVE) ID: CVE-2012-5581 51491 http://secunia.com/advisories/51491 56715 http://www.securityfocus.com/bid/56715 DSA-2589 http://www.debian.org/security/2012/dsa-2589 USN-1655-1 http://www.ubuntu.com/usn/USN-1655-1 [oss-security] 20121128 libtiff: Stack based buffer overflow when handling DOTRANGE tags http://www.openwall.com/lists/oss-security/2012/11/28/1 https://bugzilla.redhat.com/show_bug.cgi?id=867235 libtiff-dotrange-bo(80339) https://exchange.xforce.ibmcloud.com/vulnerabilities/80339
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.