Test ID: 1.3.6.1.4.1.25623.1.0.51986
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:354
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2005:354.

TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.

A number of security flaws have been found affecting libraries used
internally within teTeX. An attacker who has the ability to trick a user
into processing a malicious file with teTeX could cause teTeX to crash or
possibly execute arbitrary code.

A number of integer overflow bugs that affect Xpdf were discovered. The
teTeX package contains a copy of the Xpdf code used for parsing PDF files
and is therefore affected by these bugs. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and
CVE-2004-1125 to these issues.

A number of integer overflow bugs that affect libtiff were discovered. The
teTeX package contains an internal copy of libtiff used for parsing TIFF
image files and is therefore affected by these bugs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues.

Also latex2html is added to package tetex-latex for 64bit platforms.

Users of teTeX should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-354.html

Risk factor : Critical

CVSS Score:
10.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2004-0803
BugTraq ID: 11406
http://www.securityfocus.com/bid/11406
Bugtraq: 20041013 CESA-2004-006: libtiff (Google Search)
http://marc.info/?l=bugtraq&m=109778785107450&w=2
CERT/CC vulnerability note: VU#948752
http://www.kb.cert.org/vuls/id/948752
Conectiva Linux advisory: CLA-2004:888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Debian Security Information: DSA-567 (Google Search)
http://www.debian.org/security/2004/dsa-567
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://scary.beasts.org/security/CESA-2004-006.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896
http://www.redhat.com/support/errata/RHSA-2004-577.html
http://www.redhat.com/support/errata/RHSA-2005-021.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://secunia.com/advisories/12818
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
SuSE Security Announcement: SUSE-SA:2004:038 (Google Search)
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
XForce ISS Database: libtiff-library-decoding-bo(17703)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17703
Common Vulnerability Exposure (CVE) ID: CVE-2004-0804
CERT/CC vulnerability note: VU#555304
http://www.kb.cert.org/vuls/id/555304
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
XForce ISS Database: libtiff-dos(17755)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Common Vulnerability Exposure (CVE) ID: CVE-2004-0886
CERT/CC vulnerability note: VU#687568
http://www.kb.cert.org/vuls/id/687568
Computer Incident Advisory Center Bulletin: P-015
http://www.ciac.org/ciac/bulletins/p-015.shtml
http://marc.info/?l=bugtraq&m=109779465621929&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907
http://securitytracker.com/id?1011674
http://www.trustix.org/errata/2004/0054/
XForce ISS Database: libtiff-bo(17715)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17715
Common Vulnerability Exposure (CVE) ID: CVE-2004-0888
BugTraq ID: 11501
http://www.securityfocus.com/bid/11501
Conectiva Linux advisory: CLA-2004:886
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
Debian Security Information: DSA-573 (Google Search)
http://www.debian.org/security/2004/dsa-573
Debian Security Information: DSA-581 (Google Search)
http://www.debian.org/security/2004/dsa-581
Debian Security Information: DSA-599 (Google Search)
http://www.debian.org/security/2004/dsa-599
http://marc.info/?l=bugtraq&m=110815379627883&w=2
https://bugzilla.fedora.us/show_bug.cgi?id=2353
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714
http://www.redhat.com/support/errata/RHSA-2004-543.html
http://www.redhat.com/support/errata/RHSA-2004-592.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
SuSE Security Announcement: SUSE-SA:2004:039 (Google Search)
http://marc.info/?l=bugtraq&m=109880927526773&w=2
https://www.ubuntu.com/usn/usn-9-1/
XForce ISS Database: xpdf-pdf-bo(17818)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17818
Common Vulnerability Exposure (CVE) ID: CVE-2004-1125
BugTraq ID: 12070
http://www.securityfocus.com/bid/12070
Bugtraq: 20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability (Google Search)
http://marc.info/?t=110378596500001&r=1&w=2
Conectiva Linux advisory: CLA-2005:921
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
https://bugzilla.fedora.us/show_bug.cgi?id=2352
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml
http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10830
http://www.redhat.com/support/errata/RHSA-2005-013.html
http://www.redhat.com/support/errata/RHSA-2005-018.html
http://www.redhat.com/support/errata/RHSA-2005-026.html
http://www.redhat.com/support/errata/RHSA-2005-034.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
http://www.redhat.com/support/errata/RHSA-2005-057.html
SCO Security Bulletin: SCOSA-2005.42
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://securitytracker.com/id?1012646
http://secunia.com/advisories/17277
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
https://usn.ubuntu.com/50-1/
XForce ISS Database: xpdf-gfx-doimage-bo(18641)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18641
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
