Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-106)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120269

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-106)

Resumen: The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-106 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-106 advisory.

Vulnerability Insight:
libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113)

Affected Software/OS:
'libtiff' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2088
49686
http://secunia.com/advisories/49686
50726
http://secunia.com/advisories/50726
54270
http://www.securityfocus.com/bid/54270
APPLE-SA-2013-03-14-1
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
GLSA-201209-02
http://security.gentoo.org/glsa/glsa-201209-02.xml
MDVSA-2012:101
http://www.mandriva.com/security/advisories?name=MDVSA-2012:101
RHSA-2012:1054
http://rhn.redhat.com/errata/RHSA-2012-1054.html
SUSE-SU-2012:0894
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html
http://support.apple.com/kb/HT6162
http://support.apple.com/kb/HT6163
https://bugzilla.redhat.com/show_bug.cgi?id=832864
openSUSE-SU-2012:0829
https://hermes.opensuse.org/messages/15083566
Common Vulnerability Exposure (CVE) ID: CVE-2012-2113
49493
http://secunia.com/advisories/49493
54076
http://www.securityfocus.com/bid/54076
DSA-2552
http://www.debian.org/security/2012/dsa-2552
http://www.remotesensing.org/libtiff/v4.0.2.html
https://bugzilla.redhat.com/show_bug.cgi?id=810551

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120269
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-106)
Resumen:	The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-106 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-106 advisory. Vulnerability Insight: libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) Affected Software/OS: 'libtiff' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2088 49686 http://secunia.com/advisories/49686 50726 http://secunia.com/advisories/50726 54270 http://www.securityfocus.com/bid/54270 APPLE-SA-2013-03-14-1 http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2012:101 http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 RHSA-2012:1054 http://rhn.redhat.com/errata/RHSA-2012-1054.html SUSE-SU-2012:0894 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6163 https://bugzilla.redhat.com/show_bug.cgi?id=832864 openSUSE-SU-2012:0829 https://hermes.opensuse.org/messages/15083566 Common Vulnerability Exposure (CVE) ID: CVE-2012-2113 49493 http://secunia.com/advisories/49493 54076 http://www.securityfocus.com/bid/54076 DSA-2552 http://www.debian.org/security/2012/dsa-2552 http://www.remotesensing.org/libtiff/v4.0.2.html https://bugzilla.redhat.com/show_bug.cgi?id=810551
Copyright	Copyright (C) 2015 Greenbone AG