Test ID:	1.3.6.1.4.1.25623.1.0.120528
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2014-307)
Summary:	The remote host is missing an update announced via the referenced Security Advisory.
Description:	Summary: The remote host is missing an update announced via the referenced Security Advisory. Vulnerability Insight: A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232 )Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244 )A flaw was found in the way libtiff handled OJPEG-encoded TIFF images. An attacker could use this flaw to create a specially crafted TIFF file that would cause an application using libtiff to crash. (CVE-2010-2596 )Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash. (CVE-2013-1961 ) Solution: Run yum update libtiff to update your system. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2596 http://security.gentoo.org/glsa/glsa-201209-02.xml http://marc.info/?l=oss-security&m=127731610612908&w=2 http://secunia.com/advisories/40422 http://secunia.com/advisories/50726 Common Vulnerability Exposure (CVE) ID: CVE-2013-4244 RedHat Security Advisories: RHSA-2014:0223 http://rhn.redhat.com/errata/RHSA-2014-0223.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4232 Debian Security Information: DSA-2744 (Google Search) http://www.debian.org/security/2013/dsa-2744 http://www.openwall.com/lists/oss-security/2013/08/10/2 http://www.asmail.be/msg0055359936.html http://secunia.com/advisories/54543 http://secunia.com/advisories/54628 Common Vulnerability Exposure (CVE) ID: CVE-2013-1960 BugTraq ID: 59609 http://www.securityfocus.com/bid/59609 Debian Security Information: DSA-2698 (Google Search) http://www.debian.org/security/2013/dsa-2698 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html http://seclists.org/oss-sec/2013/q2/254 http://secunia.com/advisories/53237 http://secunia.com/advisories/53765 SuSE Security Announcement: openSUSE-SU-2013:0922 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html SuSE Security Announcement: openSUSE-SU-2013:0944 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4231 BugTraq ID: 61695 http://www.securityfocus.com/bid/61695 Common Vulnerability Exposure (CVE) ID: CVE-2013-1961 BugTraq ID: 59607 http://www.securityfocus.com/bid/59607 Common Vulnerability Exposure (CVE) ID: CVE-2013-4243 BugTraq ID: 62082 http://www.securityfocus.com/bid/62082 https://security.gentoo.org/glsa/201701-16
Copyright	Copyright (C) 2015 Eero Volotinen

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.