Test ID:	1.3.6.1.4.1.25623.1.0.56923
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1091-1)
Summary:	The remote host is missing an update for the Debian 'tiff' package(s) announced via the DSA-1091-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'tiff' package(s) announced via the DSA-1091-1 advisory. Vulnerability Insight: Several problems have been discovered in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2006-2193 SuSE discovered a buffer overflow in the conversion of TIFF files into PDF documents which could be exploited when tiff2pdf is used e.g. in a printer filter. CVE-2006-2656 The tiffsplit command from the TIFF library contains a buffer overflow in the commandline handling which could be exploited when the program is executed automatically on unknown filenames. For the old stable distribution (woody) this problem has been fixed in version 3.5.5-7woody2. For the stable distribution (sarge) this problem has been fixed in version 3.7.2-5. For the unstable distribution (sid) this problem has been fixed in version 3.8.2-4. We recommend that you upgrade your tiff packages. Affected Software/OS: 'tiff' package(s) on Debian 3.0, Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2193 BugTraq ID: 18331 http://www.securityfocus.com/bid/18331 Debian Security Information: DSA-1091 (Google Search) http://www.debian.org/security/2006/dsa-1091 http://security.gentoo.org/glsa/glsa-200607-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:102 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788 http://www.redhat.com/support/errata/RHSA-2008-0848.html http://secunia.com/advisories/20488 http://secunia.com/advisories/20501 http://secunia.com/advisories/20520 http://secunia.com/advisories/20693 http://secunia.com/advisories/20766 http://secunia.com/advisories/21002 http://secunia.com/advisories/27181 http://secunia.com/advisories/27222 http://secunia.com/advisories/27832 http://secunia.com/advisories/31670 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 SuSE Security Announcement: SUSE-SR:2006:014 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html https://usn.ubuntu.com/289-1/ http://www.vupen.com/english/advisories/2006/2197 http://www.vupen.com/english/advisories/2007/3486 http://www.vupen.com/english/advisories/2007/4034 XForce ISS Database: libtiff-tiff2pdf-bo(26991) https://exchange.xforce.ibmcloud.com/vulnerabilities/26991 Common Vulnerability Exposure (CVE) ID: CVE-2006-2656 20060524 tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow... http://marc.info/?l=vuln-dev&m=114857412916909&w=2 20501 20520 20766 21002 DSA-1091 FEDORA-2006-591 https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.html GLSA-200607-03 MDKSA-2006:095 http://www.mandriva.com/security/advisories?name=MDKSA-2006:095 SUSE-SR:2006:014 USN-289-1
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.