Test ID:	1.3.6.1.4.1.25623.1.0.61529
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:184 (libtiff)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libtiff announced via advisory MDVSA-2008:184. Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code (CVE-2008-2327). The updated packages have been patched to prevent this issue. Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:184 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2327 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html BugTraq ID: 30832 http://www.securityfocus.com/bid/30832 Bugtraq: 20080905 rPSA-2008-0268-1 libtiff (Google Search) http://www.securityfocus.com/archive/1/496033/100/0/threaded Bugtraq: 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff (Google Search) http://www.securityfocus.com/archive/1/497962/100/0/threaded Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html Debian Security Information: DSA-1632 (Google Search) http://www.debian.org/security/2008/dsa-1632 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html http://security.gentoo.org/glsa/glsa-200809-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:184 http://www.vmware.com/security/advisories/VMSA-2008-0017.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514 http://www.redhat.com/support/errata/RHSA-2008-0847.html http://www.redhat.com/support/errata/RHSA-2008-0848.html http://www.redhat.com/support/errata/RHSA-2008-0863.html http://www.securitytracker.com/id?1020750 http://secunia.com/advisories/31610 http://secunia.com/advisories/31623 http://secunia.com/advisories/31668 http://secunia.com/advisories/31670 http://secunia.com/advisories/31698 http://secunia.com/advisories/31838 http://secunia.com/advisories/31882 http://secunia.com/advisories/31982 http://secunia.com/advisories/32706 http://secunia.com/advisories/32756 http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.ubuntu.com/usn/usn-639-1 http://www.vupen.com/english/advisories/2008/2438 http://www.vupen.com/english/advisories/2008/2584 http://www.vupen.com/english/advisories/2008/2776 http://www.vupen.com/english/advisories/2008/2971 http://www.vupen.com/english/advisories/2008/3107 http://www.vupen.com/english/advisories/2008/3232 http://www.vupen.com/english/advisories/2009/2143
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.