ID de Prueba:	1.3.6.1.4.1.25623.1.0.61529
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:184 (libtiff)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libtiff announced via advisory MDVSA-2008:184. Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code (CVE-2008-2327). The updated packages have been patched to prevent this issue. Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:184 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2327 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html BugTraq ID: 30832 http://www.securityfocus.com/bid/30832 Bugtraq: 20080905 rPSA-2008-0268-1 libtiff (Google Search) http://www.securityfocus.com/archive/1/496033/100/0/threaded Bugtraq: 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff (Google Search) http://www.securityfocus.com/archive/1/497962/100/0/threaded Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html Debian Security Information: DSA-1632 (Google Search) http://www.debian.org/security/2008/dsa-1632 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html http://security.gentoo.org/glsa/glsa-200809-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:184 http://www.vmware.com/security/advisories/VMSA-2008-0017.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514 http://www.redhat.com/support/errata/RHSA-2008-0847.html http://www.redhat.com/support/errata/RHSA-2008-0848.html http://www.redhat.com/support/errata/RHSA-2008-0863.html http://www.securitytracker.com/id?1020750 http://secunia.com/advisories/31610 http://secunia.com/advisories/31623 http://secunia.com/advisories/31668 http://secunia.com/advisories/31670 http://secunia.com/advisories/31698 http://secunia.com/advisories/31838 http://secunia.com/advisories/31882 http://secunia.com/advisories/31982 http://secunia.com/advisories/32706 http://secunia.com/advisories/32756 http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.ubuntu.com/usn/usn-639-1 http://www.vupen.com/english/advisories/2008/2438 http://www.vupen.com/english/advisories/2008/2584 http://www.vupen.com/english/advisories/2008/2776 http://www.vupen.com/english/advisories/2008/2971 http://www.vupen.com/english/advisories/2008/3107 http://www.vupen.com/english/advisories/2008/3232 http://www.vupen.com/english/advisories/2009/2143
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.