Test ID:	1.3.6.1.4.1.25623.1.0.59360
Category:	Fedora Local Security Checks
Title:	Fedora Core 5 FEDORA-2006-877 (libtiff)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libtiff announced via advisory FEDORA-2006-877. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. Update Information: The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files. Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. * Mon Jul 24 2006 Matthias Clasen - Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465) Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-877 Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3459 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html BugTraq ID: 19283 http://www.securityfocus.com/bid/19283 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html Debian Security Information: DSA-1137 (Google Search) http://www.debian.org/security/2006/dsa-1137 http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 http://secunia.com/blog/76 http://www.osvdb.org/27723 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497 http://www.redhat.com/support/errata/RHSA-2006-0603.html http://www.redhat.com/support/errata/RHSA-2006-0648.html http://securitytracker.com/id?1016628 http://securitytracker.com/id?1016671 http://secunia.com/advisories/21253 http://secunia.com/advisories/21274 http://secunia.com/advisories/21290 http://secunia.com/advisories/21304 http://secunia.com/advisories/21319 http://secunia.com/advisories/21334 http://secunia.com/advisories/21338 http://secunia.com/advisories/21346 http://secunia.com/advisories/21370 http://secunia.com/advisories/21392 http://secunia.com/advisories/21501 http://secunia.com/advisories/21537 http://secunia.com/advisories/21598 http://secunia.com/advisories/21632 http://secunia.com/advisories/22036 http://secunia.com/advisories/27181 http://secunia.com/advisories/27222 http://secunia.com/advisories/27832 SGI Security Advisory: 20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P SGI Security Advisory: 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 SuSE Security Announcement: SUSE-SA:2006:044 (Google Search) http://www.novell.com/linux/security/advisories/2006_44_libtiff.html http://lwn.net/Alerts/194228/ http://www.ubuntu.com/usn/usn-330-1 http://www.vupen.com/english/advisories/2006/3101 http://www.vupen.com/english/advisories/2006/3105 http://www.vupen.com/english/advisories/2007/3486 http://www.vupen.com/english/advisories/2007/4034 Common Vulnerability Exposure (CVE) ID: CVE-2006-3460 BugTraq ID: 19288 http://www.securityfocus.com/bid/19288 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265 Common Vulnerability Exposure (CVE) ID: CVE-2006-3461 BugTraq ID: 19290 http://www.securityfocus.com/bid/19290 http://www.osvdb.org/27725 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910 Common Vulnerability Exposure (CVE) ID: CVE-2006-3462 BugTraq ID: 19282 http://www.securityfocus.com/bid/19282 http://docs.info.apple.com/article.html?artnum=304063 http://www.osvdb.org/27726 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301 Common Vulnerability Exposure (CVE) ID: CVE-2006-3463 BugTraq ID: 19284 http://www.securityfocus.com/bid/19284 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639 Common Vulnerability Exposure (CVE) ID: CVE-2006-3464 BugTraq ID: 19286 http://www.securityfocus.com/bid/19286 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916 Common Vulnerability Exposure (CVE) ID: CVE-2006-3465 BugTraq ID: 19287 http://www.securityfocus.com/bid/19287 http://www.osvdb.org/27729 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.