Test ID:	1.3.6.1.4.1.25623.1.0.64406
Category:	Fedora Local Security Checks
Title:	Fedora Core 10 FEDORA-2009-7724 (libtiff)
Summary:	The remote host is missing an update to libtiff;announced via advisory FEDORA-2009-7724.;Note: This VT has been deprecated and is therefore no longer functional.
Description:	Summary: The remote host is missing an update to libtiff announced via advisory FEDORA-2009-7724. Note: This VT has been deprecated and is therefore no longer functional. Vulnerability Insight: Update Information: CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Not the same as last week's libtiff security issue ... ChangeLog: * Mon Jul 13 2009 Tom Lane 3.8.2-14 - Fix buffer overrun risks caused by unchecked integer overflow (CVE-2009-2347) Related: #510041 * Wed Jul 1 2009 Tom Lane 3.8.2-13 - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Related: #507465 - Update upstream URL Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update libtiff' at the command line. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2347 BugTraq ID: 35652 http://www.securityfocus.com/bid/35652 Bugtraq: 20090713 [oCERT-2009-012] libtiff tools integer overflows (Google Search) http://www.securityfocus.com/archive/1/504892/100/0/threaded Debian Security Information: DSA-1835 (Google Search) http://www.debian.org/security/2009/dsa-1835 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html http://security.gentoo.org/glsa/glsa-200908-03.xml http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:150 http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 http://www.ocert.org/advisories/ocert-2009-012.html http://osvdb.org/55821 http://osvdb.org/55822 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988 http://www.redhat.com/support/errata/RHSA-2009-1159.html http://www.securitytracker.com/id?1022539 http://secunia.com/advisories/35811 http://secunia.com/advisories/35817 http://secunia.com/advisories/35866 http://secunia.com/advisories/35883 http://secunia.com/advisories/35911 http://secunia.com/advisories/36194 http://secunia.com/advisories/50726 http://www.ubuntu.com/usn/USN-801-1 http://www.vupen.com/english/advisories/2009/1870 http://www.vupen.com/english/advisories/2011/0621 XForce ISS Database: libtiff-rgb2ycbcr-tiff2rgba-bo(51688) https://exchange.xforce.ibmcloud.com/vulnerabilities/51688 Common Vulnerability Exposure (CVE) ID: CVE-2009-2285 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html http://www.lan.st/showthread.php?t=1856&page=3 http://www.openwall.com/lists/oss-security/2009/06/22/1 http://www.openwall.com/lists/oss-security/2009/06/23/1 http://www.openwall.com/lists/oss-security/2009/06/29/5 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049 http://secunia.com/advisories/35695 http://secunia.com/advisories/35716 http://secunia.com/advisories/35912 http://secunia.com/advisories/36831 http://secunia.com/advisories/38241 http://secunia.com/advisories/39135 http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1 https://usn.ubuntu.com/797-1/ http://www.vupen.com/english/advisories/2009/1637 http://www.vupen.com/english/advisories/2009/2727 http://www.vupen.com/english/advisories/2009/3184 http://www.vupen.com/english/advisories/2010/0173
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.