Test ID:	1.3.6.1.4.1.25623.1.0.61589
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1632-1)
Summary:	The remote host is missing an update for the Debian 'tiff' package(s) announced via the DSA-1632-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'tiff' package(s) announced via the DSA-1632-1 advisory. Vulnerability Insight: Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 3.8.2-7+etch1. For the testing distribution (lenny), this problem has been fixed in version 3.8.2-10+lenny1. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your tiff package. Affected Software/OS: 'tiff' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2327 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html BugTraq ID: 30832 http://www.securityfocus.com/bid/30832 Bugtraq: 20080905 rPSA-2008-0268-1 libtiff (Google Search) http://www.securityfocus.com/archive/1/496033/100/0/threaded Bugtraq: 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff (Google Search) http://www.securityfocus.com/archive/1/497962/100/0/threaded Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html Debian Security Information: DSA-1632 (Google Search) http://www.debian.org/security/2008/dsa-1632 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html http://security.gentoo.org/glsa/glsa-200809-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:184 http://www.vmware.com/security/advisories/VMSA-2008-0017.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514 http://www.redhat.com/support/errata/RHSA-2008-0847.html http://www.redhat.com/support/errata/RHSA-2008-0848.html http://www.redhat.com/support/errata/RHSA-2008-0863.html http://www.securitytracker.com/id?1020750 http://secunia.com/advisories/31610 http://secunia.com/advisories/31623 http://secunia.com/advisories/31668 http://secunia.com/advisories/31670 http://secunia.com/advisories/31698 http://secunia.com/advisories/31838 http://secunia.com/advisories/31882 http://secunia.com/advisories/31982 http://secunia.com/advisories/32706 http://secunia.com/advisories/32756 http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.ubuntu.com/usn/usn-639-1 http://www.vupen.com/english/advisories/2008/2438 http://www.vupen.com/english/advisories/2008/2584 http://www.vupen.com/english/advisories/2008/2776 http://www.vupen.com/english/advisories/2008/2971 http://www.vupen.com/english/advisories/2008/3107 http://www.vupen.com/english/advisories/2008/3232 http://www.vupen.com/english/advisories/2009/2143
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.