Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-65)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120591

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-65)

Resumen: The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-65 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-65 advisory.

Vulnerability Insight:
Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173)

Affected Software/OS:
'libtiff' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1173
1026895
http://www.securitytracker.com/id?1026895
48684
http://secunia.com/advisories/48684
48722
http://secunia.com/advisories/48722
48735
http://secunia.com/advisories/48735
48757
http://secunia.com/advisories/48757
48893
http://secunia.com/advisories/48893
50726
http://secunia.com/advisories/50726
52891
http://www.securityfocus.com/bid/52891
81025
http://www.osvdb.org/81025
APPLE-SA-2012-09-19-1
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
APPLE-SA-2012-09-19-2
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
DSA-2447
http://www.debian.org/security/2012/dsa-2447
FEDORA-2012-5406
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html
FEDORA-2012-5410
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html
FEDORA-2012-5463
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html
GLSA-201209-02
http://security.gentoo.org/glsa/glsa-201209-02.xml
MDVSA-2012:054
http://www.mandriva.com/security/advisories?name=MDVSA-2012:054
RHSA-2012:0468
http://rhn.redhat.com/errata/RHSA-2012-0468.html
USN-1416-1
http://ubuntu.com/usn/usn-1416-1
http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff
http://bugzilla.maptools.org/show_bug.cgi?id=2369
http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT5503
https://downloads.avaya.com/css/P8/documents/100161772
libtiff-gttileseparate-bo(74656)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74656
openSUSE-SU-2012:0539
https://hermes.opensuse.org/messages/14302713

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120591
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-65)
Resumen:	The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-65 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the ALAS-2012-65 advisory. Vulnerability Insight: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) Affected Software/OS: 'libtiff' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1173 1026895 http://www.securitytracker.com/id?1026895 48684 http://secunia.com/advisories/48684 48722 http://secunia.com/advisories/48722 48735 http://secunia.com/advisories/48735 48757 http://secunia.com/advisories/48757 48893 http://secunia.com/advisories/48893 50726 http://secunia.com/advisories/50726 52891 http://www.securityfocus.com/bid/52891 81025 http://www.osvdb.org/81025 APPLE-SA-2012-09-19-1 http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html APPLE-SA-2012-09-19-2 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html DSA-2447 http://www.debian.org/security/2012/dsa-2447 FEDORA-2012-5406 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html FEDORA-2012-5410 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html FEDORA-2012-5463 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2012:054 http://www.mandriva.com/security/advisories?name=MDVSA-2012:054 RHSA-2012:0468 http://rhn.redhat.com/errata/RHSA-2012-0468.html USN-1416-1 http://ubuntu.com/usn/usn-1416-1 http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff http://bugzilla.maptools.org/show_bug.cgi?id=2369 http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt http://support.apple.com/kb/HT5501 http://support.apple.com/kb/HT5503 https://downloads.avaya.com/css/P8/documents/100161772 libtiff-gttileseparate-bo(74656) https://exchange.xforce.ibmcloud.com/vulnerabilities/74656 openSUSE-SU-2012:0539 https://hermes.opensuse.org/messages/14302713
Copyright	Copyright (C) 2015 Greenbone AG