Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59361
Category:Fedora Local Security Checks
Title:Fedora Core 4 FEDORA-2006-878 (libtiff)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to libtiff
announced via advisory FEDORA-2006-878.

The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

Update Information:

The libtiff package contains a library of functions for
manipulating TIFF (Tagged Image File Format) files.

Tavis Ormandy of Google discovered a number of flaws in
libtiff during a security audit. An attacker could create a
carefully crafted TIFF file in such a way that it was
possible to cause an application linked with libtiff to
crash or possibly execute arbitrary code. (CVE-2006-3459,
CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463,
CVE-2006-3464, CVE-2006-3465)

All users are advised to upgrade to these updated packages,
which contain backported fixes for these issues.
* Tue Aug 1 2006 Matthias Clasen
- Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461
CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-878

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3459
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
BugTraq ID: 19283
http://www.securityfocus.com/bid/19283
BugTraq ID: 19289
http://www.securityfocus.com/bid/19289
Cert/CC Advisory: TA06-214A
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Debian Security Information: DSA-1137 (Google Search)
http://www.debian.org/security/2006/dsa-1137
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
http://secunia.com/blog/76
http://www.osvdb.org/27723
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
http://www.redhat.com/support/errata/RHSA-2006-0603.html
http://www.redhat.com/support/errata/RHSA-2006-0648.html
http://securitytracker.com/id?1016628
http://securitytracker.com/id?1016671
http://secunia.com/advisories/21253
http://secunia.com/advisories/21274
http://secunia.com/advisories/21290
http://secunia.com/advisories/21304
http://secunia.com/advisories/21319
http://secunia.com/advisories/21334
http://secunia.com/advisories/21338
http://secunia.com/advisories/21346
http://secunia.com/advisories/21370
http://secunia.com/advisories/21392
http://secunia.com/advisories/21501
http://secunia.com/advisories/21537
http://secunia.com/advisories/21598
http://secunia.com/advisories/21632
http://secunia.com/advisories/22036
http://secunia.com/advisories/27181
http://secunia.com/advisories/27222
http://secunia.com/advisories/27832
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
SuSE Security Announcement: SUSE-SA:2006:044 (Google Search)
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
http://lwn.net/Alerts/194228/
http://www.ubuntu.com/usn/usn-330-1
http://www.vupen.com/english/advisories/2006/3101
http://www.vupen.com/english/advisories/2006/3105
http://www.vupen.com/english/advisories/2007/3486
http://www.vupen.com/english/advisories/2007/4034
Common Vulnerability Exposure (CVE) ID: CVE-2006-3460
BugTraq ID: 19288
http://www.securityfocus.com/bid/19288
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265
Common Vulnerability Exposure (CVE) ID: CVE-2006-3461
BugTraq ID: 19290
http://www.securityfocus.com/bid/19290
http://www.osvdb.org/27725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910
Common Vulnerability Exposure (CVE) ID: CVE-2006-3462
BugTraq ID: 19282
http://www.securityfocus.com/bid/19282
http://docs.info.apple.com/article.html?artnum=304063
http://www.osvdb.org/27726
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301
Common Vulnerability Exposure (CVE) ID: CVE-2006-3463
BugTraq ID: 19284
http://www.securityfocus.com/bid/19284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639
Common Vulnerability Exposure (CVE) ID: CVE-2006-3464
BugTraq ID: 19286
http://www.securityfocus.com/bid/19286
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916
Common Vulnerability Exposure (CVE) ID: CVE-2006-3465
BugTraq ID: 19287
http://www.securityfocus.com/bid/19287
http://www.osvdb.org/27729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.