
Test ID: 1.3.6.1.4.1.25623.1.0.120528
Category: Amazon Linux Local Security Checks
Title: Amazon Linux: Security Advisory (ALAS-2014-307)
Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2014-307 advisory.
Description:
Summary:
The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2014-307 advisory.

Vulnerability Insight:
A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

A flaw was found in the way libtiff handled OJPEG-encoded TIFF images. An attacker could use this flaw to create a specially crafted TIFF file that would cause an application using libtiff to crash. (CVE-2010-2596)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash. (CVE-2013-1961)

Affected Software/OS:
'libtiff' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2010-2596
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://marc.info/?l=oss-security&m=127731610612908&w=2
http://secunia.com/advisories/40422
http://secunia.com/advisories/50726
Common Vulnerability Exposure (CVE) ID: CVE-2013-1960
53237 - http://secunia.com/advisories/53237
53765 - http://secunia.com/advisories/53765
59609 - http://www.securityfocus.com/bid/59609
DSA-2698 - http://www.debian.org/security/2013/dsa-2698
FEDORA-2013-7339 - http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html
FEDORA-2013-7361 - http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html
FEDORA-2013-7369 - http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html
RHSA-2014:0223 - http://rhn.redhat.com/errata/RHSA-2014-0223.html
[oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws) - http://seclists.org/oss-sec/2013/q2/254
https://bugzilla.redhat.com/show_bug.cgi?id=952158
openSUSE-SU-2013:0922 - http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
openSUSE-SU-2013:0944 - http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1961
59607 - http://www.securityfocus.com/bid/59607
https://bugzilla.redhat.com/show_bug.cgi?id=952131
Common Vulnerability Exposure (CVE) ID: CVE-2013-4231
54543 - http://secunia.com/advisories/54543
54628 - http://secunia.com/advisories/54628
61695 - http://www.securityfocus.com/bid/61695
DSA-2744 - http://www.debian.org/security/2013/dsa-2744
[oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro - http://www.openwall.com/lists/oss-security/2013/08/10/2
[tiff] 20130801 Vulnerabilities in libtiff 4.0.3 - http://www.asmail.be/msg0055359936.html
http://bugzilla.maptools.org/show_bug.cgi?id=2450
https://bugzilla.redhat.com/show_bug.cgi?id=995965
Common Vulnerability Exposure (CVE) ID: CVE-2013-4232
http://bugzilla.maptools.org/show_bug.cgi?id=2449
https://bugzilla.redhat.com/show_bug.cgi?id=995975
Common Vulnerability Exposure (CVE) ID: CVE-2013-4243
62082 - http://www.securityfocus.com/bid/62082
GLSA-201701-16 - https://security.gentoo.org/glsa/201701-16
http://bugzilla.maptools.org/show_bug.cgi?id=2451
https://bugzilla.redhat.com/show_bug.cgi?id=996052
Common Vulnerability Exposure (CVE) ID: CVE-2013-4244
http://bugzilla.maptools.org/show_bug.cgi?id=2452
https://bugzilla.redhat.com/show_bug.cgi?id=996468
https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.