Red Hat Local Security Checks : RedHat Security Advisory RHSA-2006:0648

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.57277
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2006:0648
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2006:0648. The kdegraphics package contains graphics applications for the K Desktop Environment. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these flaws. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) Red Hat Enterprise Linux 4 is not vulnerable to these issues as kfax uses the shared libtiff library which has been fixed in a previous update. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0648.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3459 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html BugTraq ID: 19283 http://www.securityfocus.com/bid/19283 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html Debian Security Information: DSA-1137 (Google Search) http://www.debian.org/security/2006/dsa-1137 http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 http://secunia.com/blog/76 http://www.osvdb.org/27723 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497 http://www.redhat.com/support/errata/RHSA-2006-0603.html http://www.redhat.com/support/errata/RHSA-2006-0648.html http://securitytracker.com/id?1016628 http://securitytracker.com/id?1016671 http://secunia.com/advisories/21253 http://secunia.com/advisories/21274 http://secunia.com/advisories/21290 http://secunia.com/advisories/21304 http://secunia.com/advisories/21319 http://secunia.com/advisories/21334 http://secunia.com/advisories/21338 http://secunia.com/advisories/21346 http://secunia.com/advisories/21370 http://secunia.com/advisories/21392 http://secunia.com/advisories/21501 http://secunia.com/advisories/21537 http://secunia.com/advisories/21598 http://secunia.com/advisories/21632 http://secunia.com/advisories/22036 http://secunia.com/advisories/27181 http://secunia.com/advisories/27222 http://secunia.com/advisories/27832 SGI Security Advisory: 20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P SGI Security Advisory: 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 SuSE Security Announcement: SUSE-SA:2006:044 (Google Search) http://www.novell.com/linux/security/advisories/2006_44_libtiff.html http://lwn.net/Alerts/194228/ http://www.ubuntu.com/usn/usn-330-1 http://www.vupen.com/english/advisories/2006/3101 http://www.vupen.com/english/advisories/2006/3105 http://www.vupen.com/english/advisories/2007/3486 http://www.vupen.com/english/advisories/2007/4034 Common Vulnerability Exposure (CVE) ID: CVE-2006-3460 BugTraq ID: 19288 http://www.securityfocus.com/bid/19288 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265 Common Vulnerability Exposure (CVE) ID: CVE-2006-3461 BugTraq ID: 19290 http://www.securityfocus.com/bid/19290 http://www.osvdb.org/27725 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910 Common Vulnerability Exposure (CVE) ID: CVE-2006-3462 BugTraq ID: 19282 http://www.securityfocus.com/bid/19282 http://docs.info.apple.com/article.html?artnum=304063 http://www.osvdb.org/27726 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301 Common Vulnerability Exposure (CVE) ID: CVE-2006-3463 BugTraq ID: 19284 http://www.securityfocus.com/bid/19284 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639 Common Vulnerability Exposure (CVE) ID: CVE-2006-3464 BugTraq ID: 19286 http://www.securityfocus.com/bid/19286 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916 Common Vulnerability Exposure (CVE) ID: CVE-2006-3465 BugTraq ID: 19287 http://www.securityfocus.com/bid/19287 http://www.osvdb.org/27729 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com