Test ID:	1.3.6.1.4.1.25623.1.0.57217
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-330-1 (tiff)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to tiff announced via advisory USN-330-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application's privileges. This library is used in many client and server applications, thus you should reboot your computer after the upgrade to ensure that all running programs use the new version of the library. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libtiff4 3.6.1-5ubuntu0.6 Ubuntu 5.10: libtiff4 3.7.3-1ubuntu1.5 Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-330-1 Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3459 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html BugTraq ID: 19283 http://www.securityfocus.com/bid/19283 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html Debian Security Information: DSA-1137 (Google Search) http://www.debian.org/security/2006/dsa-1137 http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 http://secunia.com/blog/76 http://www.osvdb.org/27723 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497 http://www.redhat.com/support/errata/RHSA-2006-0603.html http://www.redhat.com/support/errata/RHSA-2006-0648.html http://securitytracker.com/id?1016628 http://securitytracker.com/id?1016671 http://secunia.com/advisories/21253 http://secunia.com/advisories/21274 http://secunia.com/advisories/21290 http://secunia.com/advisories/21304 http://secunia.com/advisories/21319 http://secunia.com/advisories/21334 http://secunia.com/advisories/21338 http://secunia.com/advisories/21346 http://secunia.com/advisories/21370 http://secunia.com/advisories/21392 http://secunia.com/advisories/21501 http://secunia.com/advisories/21537 http://secunia.com/advisories/21598 http://secunia.com/advisories/21632 http://secunia.com/advisories/22036 http://secunia.com/advisories/27181 http://secunia.com/advisories/27222 http://secunia.com/advisories/27832 SGI Security Advisory: 20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P SGI Security Advisory: 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 SuSE Security Announcement: SUSE-SA:2006:044 (Google Search) http://www.novell.com/linux/security/advisories/2006_44_libtiff.html http://lwn.net/Alerts/194228/ http://www.ubuntu.com/usn/usn-330-1 http://www.vupen.com/english/advisories/2006/3101 http://www.vupen.com/english/advisories/2006/3105 http://www.vupen.com/english/advisories/2007/3486 http://www.vupen.com/english/advisories/2007/4034 Common Vulnerability Exposure (CVE) ID: CVE-2006-3460 BugTraq ID: 19288 http://www.securityfocus.com/bid/19288 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265 Common Vulnerability Exposure (CVE) ID: CVE-2006-3461 BugTraq ID: 19290 http://www.securityfocus.com/bid/19290 http://www.osvdb.org/27725 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910 Common Vulnerability Exposure (CVE) ID: CVE-2006-3462 BugTraq ID: 19282 http://www.securityfocus.com/bid/19282 http://docs.info.apple.com/article.html?artnum=304063 http://www.osvdb.org/27726 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301 Common Vulnerability Exposure (CVE) ID: CVE-2006-3463 BugTraq ID: 19284 http://www.securityfocus.com/bid/19284 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639 Common Vulnerability Exposure (CVE) ID: CVE-2006-3464 BugTraq ID: 19286 http://www.securityfocus.com/bid/19286 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916 Common Vulnerability Exposure (CVE) ID: CVE-2006-3465 BugTraq ID: 19287 http://www.securityfocus.com/bid/19287 http://www.osvdb.org/27729 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.