ID de Prueba:	1.3.6.1.4.1.25623.1.0.881365
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libtiff CESA-2011:0392 centos5 x86_64
Resumen:	The remote host is missing an update for the 'libtiff'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory. Vulnerability Insight: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167) This update also fixes the following bug: * The RHSA-2011:0318 libtiff update introduced a regression that prevented certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm, from being read. (BZ#688825) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect. Affected Software/OS: libtiff on CentOS 5 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1167 1025257 http://www.securitytracker.com/id?1025257 20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability http://www.securityfocus.com/archive/1/517101/100/0/threaded 43900 http://secunia.com/advisories/43900 43934 http://secunia.com/advisories/43934 43974 http://secunia.com/advisories/43974 44117 http://secunia.com/advisories/44117 44135 http://secunia.com/advisories/44135 46951 http://www.securityfocus.com/bid/46951 50726 http://secunia.com/advisories/50726 71256 http://www.osvdb.org/71256 8165 http://securityreason.com/securityalert/8165 ADV-2011-0795 http://www.vupen.com/english/advisories/2011/0795 ADV-2011-0845 http://www.vupen.com/english/advisories/2011/0845 ADV-2011-0859 http://www.vupen.com/english/advisories/2011/0859 ADV-2011-0860 http://www.vupen.com/english/advisories/2011/0860 ADV-2011-0905 http://www.vupen.com/english/advisories/2011/0905 ADV-2011-0930 http://www.vupen.com/english/advisories/2011/0930 ADV-2011-0960 http://www.vupen.com/english/advisories/2011/0960 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html APPLE-SA-2012-05-09-1 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html APPLE-SA-2012-09-19-1 http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html DSA-2210 http://www.debian.org/security/2011/dsa-2210 FEDORA-2011-3827 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html FEDORA-2011-3836 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2011:064 http://www.mandriva.com/security/advisories?name=MDVSA-2011:064 RHSA-2011:0392 http://www.redhat.com/support/errata/RHSA-2011-0392.html SSA:2011-098-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820 SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html USN-1102-1 http://ubuntu.com/usn/usn-1102-1 http://blackberry.com/btsc/KB27244 http://bugzilla.maptools.org/show_bug.cgi?id=2300 http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5281 http://support.apple.com/kb/HT5503 http://www.zerodayinitiative.com/advisories/ZDI-11-107 https://bugzilla.redhat.com/show_bug.cgi?id=684939 libtiff-thundercode-decoder-bo(66247) https://exchange.xforce.ibmcloud.com/vulnerabilities/66247 Common Vulnerability Exposure (CVE) ID: CVE-2011-0192 http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html BugTraq ID: 46658 http://www.securityfocus.com/bid/46658 Debian Security Information: DSA-2210 (Google Search) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 http://www.redhat.com/support/errata/RHSA-2011-0318.html http://www.securitytracker.com/id?1025153 http://secunia.com/advisories/43585 http://secunia.com/advisories/43593 http://secunia.com/advisories/43664 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://www.vupen.com/english/advisories/2011/0551 http://www.vupen.com/english/advisories/2011/0599 http://www.vupen.com/english/advisories/2011/0621
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.