ID de Prueba:	1.3.6.1.4.1.25623.1.0.69143
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu USN-1085-1 (tiff)
Resumen:	Ubuntu USN-1085-1 (tiff)
Descripción:	The remote host is missing an update to tiff announced via advisory USN-1085-1. Details follow: Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482) Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.10. (CVE-2010-2482) Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2595) Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598) It was discovered that the TIFF library incorrectly validated certain data types. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2630) It was discovered that the TIFF library incorrectly handled downsampled JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-3087) It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10. (CVE-2011-0191) It was discovered that the TIFF library incorrectly handled certain TIFF FAX images. If a user or automated system were tricked into opening a specially crafted TIFF FAX image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2011-0191) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.9 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.7 Ubuntu 9.10: libtiff4 3.8.2-13ubuntu0.4 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.4 Ubuntu 10.10: libtiff4 3.9.4-2ubuntu0.1 After a standard system update you need to restart your session to make all the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-1085-1 Risk factor : Critical
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2482 http://marc.info/?l=oss-security&m=127738540902757&w=2 http://marc.info/?l=oss-security&m=127736307002102&w=2 http://www.openwall.com/lists/oss-security/2010/06/30/22 http://marc.info/?l=oss-security&m=127797353202873&w=2 Debian Security Information: DSA-2552 (Google Search) http://www.debian.org/security/2012/dsa-2552 http://secunia.com/advisories/40422 Common Vulnerability Exposure (CVE) ID: CVE-2010-2483 http://marc.info/?l=oss-security&m=127731610612908&w=2 http://marc.info/?l=oss-security&m=127781315415896&w=2 http://www.redhat.com/support/errata/RHSA-2010-0519.html http://secunia.com/advisories/40527 http://www.vupen.com/english/advisories/2010/1761 Common Vulnerability Exposure (CVE) ID: CVE-2010-2595 Common Vulnerability Exposure (CVE) ID: CVE-2010-2597 Common Vulnerability Exposure (CVE) ID: CVE-2010-2598 http://www.redhat.com/support/errata/RHSA-2010-0520.html http://secunia.com/advisories/40536 Common Vulnerability Exposure (CVE) ID: CVE-2010-2630 Common Vulnerability Exposure (CVE) ID: CVE-2010-3087 SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2011-0191 http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html Debian Security Information: DSA-2210 (Google Search) http://www.debian.org/security/2011/dsa-2210 http://www.mandriva.com/security/advisories?name=MDVSA-2011:064 BugTraq ID: 46657 http://www.securityfocus.com/bid/46657 http://secunia.com/advisories/43934 http://www.vupen.com/english/advisories/2011/0845 http://www.vupen.com/english/advisories/2011/0859 Common Vulnerability Exposure (CVE) ID: CVE-2011-0192 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 http://www.redhat.com/support/errata/RHSA-2011-0318.html http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820 BugTraq ID: 46658 http://www.securityfocus.com/bid/46658 http://www.securitytracker.com/id?1025153 http://secunia.com/advisories/43585 http://secunia.com/advisories/43593 http://secunia.com/advisories/43664 http://secunia.com/advisories/44117 http://secunia.com/advisories/44135 http://www.vupen.com/english/advisories/2011/0621 http://www.vupen.com/english/advisories/2011/0551 http://www.vupen.com/english/advisories/2011/0599 http://www.vupen.com/english/advisories/2011/0905 http://www.vupen.com/english/advisories/2011/0930 http://www.vupen.com/english/advisories/2011/0960
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario Email: Usuario: Contraseña: Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas. Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.     Privacidad

Ingreso de Usuario Registrado   Usuario:     Contraseña:     ¿Olvidó su usuario o contraseña?? Email/ID de Usario: