CentOS Local Security Checks : CentOS Update for libtiff CESA-2012:1054 centos5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881205

Categoría: CentOS Local Security Checks

Título: CentOS Update for libtiff CESA-2012:1054 centos5

Resumen: The remote host is missing an update for the 'libtiff'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libtiff'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

libtiff did not properly convert between signed and unsigned integer
values, leading to a buffer overflow. An attacker could use this flaw to
create a specially-crafted TIFF file that, when opened, would cause an
application linked against libtiff to crash or, possibly, execute arbitrary
code. (CVE-2012-2088)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the tiff2pdf tool. An attacker could use these flaws to
create a specially-crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2012-2113)

All libtiff users should upgrade to these updated packages, which contain
backported patches to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.

Affected Software/OS:
libtiff on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2088
49686
http://secunia.com/advisories/49686
50726
http://secunia.com/advisories/50726
54270
http://www.securityfocus.com/bid/54270
APPLE-SA-2013-03-14-1
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
GLSA-201209-02
http://security.gentoo.org/glsa/glsa-201209-02.xml
MDVSA-2012:101
http://www.mandriva.com/security/advisories?name=MDVSA-2012:101
RHSA-2012:1054
http://rhn.redhat.com/errata/RHSA-2012-1054.html
SUSE-SU-2012:0894
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html
http://support.apple.com/kb/HT6162
http://support.apple.com/kb/HT6163
https://bugzilla.redhat.com/show_bug.cgi?id=832864
openSUSE-SU-2012:0829
https://hermes.opensuse.org/messages/15083566
Common Vulnerability Exposure (CVE) ID: CVE-2012-2113
49493
http://secunia.com/advisories/49493
54076
http://www.securityfocus.com/bid/54076
DSA-2552
http://www.debian.org/security/2012/dsa-2552
http://www.remotesensing.org/libtiff/v4.0.2.html
https://bugzilla.redhat.com/show_bug.cgi?id=810551

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881205
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libtiff CESA-2012:1054 centos5
Resumen:	The remote host is missing an update for the 'libtiff'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory. Vulnerability Insight: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect. Affected Software/OS: libtiff on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2088 49686 http://secunia.com/advisories/49686 50726 http://secunia.com/advisories/50726 54270 http://www.securityfocus.com/bid/54270 APPLE-SA-2013-03-14-1 http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2012:101 http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 RHSA-2012:1054 http://rhn.redhat.com/errata/RHSA-2012-1054.html SUSE-SU-2012:0894 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6163 https://bugzilla.redhat.com/show_bug.cgi?id=832864 openSUSE-SU-2012:0829 https://hermes.opensuse.org/messages/15083566 Common Vulnerability Exposure (CVE) ID: CVE-2012-2113 49493 http://secunia.com/advisories/49493 54076 http://www.securityfocus.com/bid/54076 DSA-2552 http://www.debian.org/security/2012/dsa-2552 http://www.remotesensing.org/libtiff/v4.0.2.html https://bugzilla.redhat.com/show_bug.cgi?id=810551
Copyright	Copyright (C) 2012 Greenbone AG