| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2005:021.
The kdegraphics package contains graphics applications for the K Desktop
Environment.
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. The kfax application contains a copy of
the libtiff code used for parsing TIFF files and is therefore affected by
these bugs. An attacker who has the ability to trick a user into opening a
malicious TIFF file could cause kfax to crash or possibly execute arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues.
Additionally, a number of buffer overflow bugs that affect libtiff have
been found. The kfax application contains a copy of the libtiff code used
for parsing TIFF files and is therefore affected by these bugs. An attacker
who has the ability to trick a user into opening a malicious TIFF file
could cause kfax to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0803 to this issue.
Users of kfax should upgrade to these updated packages, which contain
backported patches and are not vulnerable to this issue.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2005-021.html
Risk factor : High
CVSS Score:
7.5
|
