Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:577

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51157

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:577

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:577.

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files. TIFF is a widely used file
format for bitmapped images.

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. An attacker who has the ability to trick
a user into opening a malicious TIFF file could cause the application
linked to libtiff to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CVE-2004-0886 and CVE-2004-0804 to these issues.

Additionally, a number of buffer overflow bugs that affect libtiff have
been found. An attacker who has the ability to trick a user into opening a
malicious TIFF file could cause the application linked to libtiff to crash
or possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to
this issue.

All users are advised to upgrade to these errata packages, which contain
fixes for these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-577.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0803
BugTraq ID: 11406
http://www.securityfocus.com/bid/11406
Bugtraq: 20041013 CESA-2004-006: libtiff (Google Search)
http://marc.info/?l=bugtraq&m=109778785107450&w=2
CERT/CC vulnerability note: VU#948752
http://www.kb.cert.org/vuls/id/948752
Conectiva Linux advisory: CLA-2004:888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Debian Security Information: DSA-567 (Google Search)
http://www.debian.org/security/2004/dsa-567
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://scary.beasts.org/security/CESA-2004-006.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896
http://www.redhat.com/support/errata/RHSA-2004-577.html
http://www.redhat.com/support/errata/RHSA-2005-021.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://secunia.com/advisories/12818
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
SuSE Security Announcement: SUSE-SA:2004:038 (Google Search)
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
XForce ISS Database: libtiff-library-decoding-bo(17703)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17703
Common Vulnerability Exposure (CVE) ID: CVE-2004-0886
CERT/CC vulnerability note: VU#687568
http://www.kb.cert.org/vuls/id/687568
Computer Incident Advisory Center Bulletin: P-015
http://www.ciac.org/ciac/bulletins/p-015.shtml
http://marc.info/?l=bugtraq&m=109779465621929&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907
http://securitytracker.com/id?1011674
http://www.trustix.org/errata/2004/0054/
XForce ISS Database: libtiff-bo(17715)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17715
Common Vulnerability Exposure (CVE) ID: CVE-2004-0804
CERT/CC vulnerability note: VU#555304
http://www.kb.cert.org/vuls/id/555304
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
XForce ISS Database: libtiff-dos(17755)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51157
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:577
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:577. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. All users are advised to upgrade to these errata packages, which contain fixes for these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-577.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0803 BugTraq ID: 11406 http://www.securityfocus.com/bid/11406 Bugtraq: 20041013 CESA-2004-006: libtiff (Google Search) http://marc.info/?l=bugtraq&m=109778785107450&w=2 CERT/CC vulnerability note: VU#948752 http://www.kb.cert.org/vuls/id/948752 Conectiva Linux advisory: CLA-2004:888 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 Debian Security Information: DSA-567 (Google Search) http://www.debian.org/security/2004/dsa-567 http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:109 http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 http://scary.beasts.org/security/CESA-2004-006.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896 http://www.redhat.com/support/errata/RHSA-2004-577.html http://www.redhat.com/support/errata/RHSA-2005-021.html http://www.redhat.com/support/errata/RHSA-2005-354.html http://secunia.com/advisories/12818 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 SuSE Security Announcement: SUSE-SA:2004:038 (Google Search) http://www.novell.com/linux/security/advisories/2004_38_libtiff.html XForce ISS Database: libtiff-library-decoding-bo(17703) https://exchange.xforce.ibmcloud.com/vulnerabilities/17703 Common Vulnerability Exposure (CVE) ID: CVE-2004-0886 CERT/CC vulnerability note: VU#687568 http://www.kb.cert.org/vuls/id/687568 Computer Incident Advisory Center Bulletin: P-015 http://www.ciac.org/ciac/bulletins/p-015.shtml http://marc.info/?l=bugtraq&m=109779465621929&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907 http://securitytracker.com/id?1011674 http://www.trustix.org/errata/2004/0054/ XForce ISS Database: libtiff-bo(17715) https://exchange.xforce.ibmcloud.com/vulnerabilities/17715 Common Vulnerability Exposure (CVE) ID: CVE-2004-0804 CERT/CC vulnerability note: VU#555304 http://www.kb.cert.org/vuls/id/555304 http://bugzilla.remotesensing.org/show_bug.cgi?id=111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711 XForce ISS Database: libtiff-dos(17755) https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com