Test ID:	1.3.6.1.4.1.25623.1.0.64502
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:169 (libtiff)
Summary:	The remote host is missing an update to libtiff;announced via advisory MDVSA-2009:169.
Description:	Summary: The remote host is missing an update to libtiff announced via advisory MDVSA-2009:169. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in libtiff: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2327 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html BugTraq ID: 30832 http://www.securityfocus.com/bid/30832 Bugtraq: 20080905 rPSA-2008-0268-1 libtiff (Google Search) http://www.securityfocus.com/archive/1/496033/100/0/threaded Bugtraq: 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff (Google Search) http://www.securityfocus.com/archive/1/497962/100/0/threaded Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html Debian Security Information: DSA-1632 (Google Search) http://www.debian.org/security/2008/dsa-1632 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html http://security.gentoo.org/glsa/glsa-200809-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:184 http://www.vmware.com/security/advisories/VMSA-2008-0017.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514 http://www.redhat.com/support/errata/RHSA-2008-0847.html http://www.redhat.com/support/errata/RHSA-2008-0848.html http://www.redhat.com/support/errata/RHSA-2008-0863.html http://www.securitytracker.com/id?1020750 http://secunia.com/advisories/31610 http://secunia.com/advisories/31623 http://secunia.com/advisories/31668 http://secunia.com/advisories/31670 http://secunia.com/advisories/31698 http://secunia.com/advisories/31838 http://secunia.com/advisories/31882 http://secunia.com/advisories/31982 http://secunia.com/advisories/32706 http://secunia.com/advisories/32756 http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.ubuntu.com/usn/usn-639-1 http://www.vupen.com/english/advisories/2008/2438 http://www.vupen.com/english/advisories/2008/2584 http://www.vupen.com/english/advisories/2008/2776 http://www.vupen.com/english/advisories/2008/2971 http://www.vupen.com/english/advisories/2008/3107 http://www.vupen.com/english/advisories/2008/3232 http://www.vupen.com/english/advisories/2009/2143 Common Vulnerability Exposure (CVE) ID: CVE-2009-2285 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html Debian Security Information: DSA-1835 (Google Search) http://www.debian.org/security/2009/dsa-1835 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html http://security.gentoo.org/glsa/glsa-200908-03.xml http://www.lan.st/showthread.php?t=1856&page=3 http://www.openwall.com/lists/oss-security/2009/06/22/1 http://www.openwall.com/lists/oss-security/2009/06/23/1 http://www.openwall.com/lists/oss-security/2009/06/29/5 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049 http://www.redhat.com/support/errata/RHSA-2009-1159.html http://secunia.com/advisories/35695 http://secunia.com/advisories/35716 http://secunia.com/advisories/35866 http://secunia.com/advisories/35883 http://secunia.com/advisories/35912 http://secunia.com/advisories/36194 http://secunia.com/advisories/36831 http://secunia.com/advisories/38241 http://secunia.com/advisories/39135 http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1 https://usn.ubuntu.com/797-1/ http://www.vupen.com/english/advisories/2009/1637 http://www.vupen.com/english/advisories/2009/2727 http://www.vupen.com/english/advisories/2009/3184 http://www.vupen.com/english/advisories/2010/0173 Common Vulnerability Exposure (CVE) ID: CVE-2009-2347 BugTraq ID: 35652 http://www.securityfocus.com/bid/35652 Bugtraq: 20090713 [oCERT-2009-012] libtiff tools integer overflows (Google Search) http://www.securityfocus.com/archive/1/504892/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:150 http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 http://www.ocert.org/advisories/ocert-2009-012.html http://osvdb.org/55821 http://osvdb.org/55822 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988 http://www.securitytracker.com/id?1022539 http://secunia.com/advisories/35811 http://secunia.com/advisories/35817 http://secunia.com/advisories/35911 http://secunia.com/advisories/50726 http://www.ubuntu.com/usn/USN-801-1 http://www.vupen.com/english/advisories/2009/1870 http://www.vupen.com/english/advisories/2011/0621 XForce ISS Database: libtiff-rgb2ycbcr-tiff2rgba-bo(51688) https://exchange.xforce.ibmcloud.com/vulnerabilities/51688
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.