Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0361)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2016.0361

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0361)

Resumen: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2016-0361 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2016-0361 advisory.

Vulnerability Insight:
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in
the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to
cause a denial of service (out-of-bounds read) via vectors involving the
ma variable (CVE-2016-3658).

They also fix:

An out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer().

An out-of-bound read on some tiled images.

Segfault when specifying -r without argument (fax2tiff).

Affected Software/OS:
'libtiff' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8127
1032760
http://www.securitytracker.com/id/1032760
72323
http://www.securityfocus.com/bid/72323
DSA-3273
http://www.debian.org/security/2015/dsa-3273
GLSA-201701-16
https://security.gentoo.org/glsa/201701-16
RHSA-2016:1546
http://rhn.redhat.com/errata/RHSA-2016-1546.html
RHSA-2016:1547
http://rhn.redhat.com/errata/RHSA-2016-1547.html
[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools
http://www.openwall.com/lists/oss-security/2015/01/24/15
http://bugzilla.maptools.org/show_bug.cgi?id=2484
http://bugzilla.maptools.org/show_bug.cgi?id=2485
http://bugzilla.maptools.org/show_bug.cgi?id=2486
http://bugzilla.maptools.org/show_bug.cgi?id=2496
http://bugzilla.maptools.org/show_bug.cgi?id=2497
http://bugzilla.maptools.org/show_bug.cgi?id=2500
http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
openSUSE-SU-2015:0450
http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-3658
BugTraq ID: 93331
http://www.securityfocus.com/bid/93331
Debian Security Information: DSA-3844 (Google Search)
http://www.debian.org/security/2017/dsa-3844
http://bugzilla.maptools.org/show_bug.cgi?id=2546
http://www.openwall.com/lists/oss-security/2016/04/08/12

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0361
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0361)
Resumen:	The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2016-0361 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2016-0361 advisory. Vulnerability Insight: The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable (CVE-2016-3658). They also fix: An out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer(). An out-of-bound read on some tiled images. Segfault when specifying -r without argument (fax2tiff). Affected Software/OS: 'libtiff' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8127 1032760 http://www.securitytracker.com/id/1032760 72323 http://www.securityfocus.com/bid/72323 DSA-3273 http://www.debian.org/security/2015/dsa-3273 GLSA-201701-16 https://security.gentoo.org/glsa/201701-16 RHSA-2016:1546 http://rhn.redhat.com/errata/RHSA-2016-1546.html RHSA-2016:1547 http://rhn.redhat.com/errata/RHSA-2016-1547.html [oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools http://www.openwall.com/lists/oss-security/2015/01/24/15 http://bugzilla.maptools.org/show_bug.cgi?id=2484 http://bugzilla.maptools.org/show_bug.cgi?id=2485 http://bugzilla.maptools.org/show_bug.cgi?id=2486 http://bugzilla.maptools.org/show_bug.cgi?id=2496 http://bugzilla.maptools.org/show_bug.cgi?id=2497 http://bugzilla.maptools.org/show_bug.cgi?id=2500 http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt openSUSE-SU-2015:0450 http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3658 BugTraq ID: 93331 http://www.securityfocus.com/bid/93331 Debian Security Information: DSA-3844 (Google Search) http://www.debian.org/security/2017/dsa-3844 http://bugzilla.maptools.org/show_bug.cgi?id=2546 http://www.openwall.com/lists/oss-security/2016/04/08/12
Copyright	Copyright (C) 2022 Greenbone AG