Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:0452

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.69433

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2011:0452

Summary: Redhat Security Advisory RHSA-2011:0452

Description: The remote host is missing updates announced in
advisory RHSA-2011:0452.

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF image files that were compressed with the JPEG compression
algorithm. An attacker could use this flaw to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. (CVE-2009-5022)

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications linked
against libtiff must be restarted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0452.html

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-5022
http://openwall.com/lists/oss-security/2011/04/12/10
Debian Security Information: DSA-2256 (Google Search)
http://www.debian.org/security/2011/dsa-2256
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:078
http://www.redhat.com/support/errata/RHSA-2011-0452.html
http://www.ubuntu.com/usn/USN-1120-1
BugTraq ID: 47338
http://www.securityfocus.com/bid/47338
http://securitytracker.com/id?1025380
http://secunia.com/advisories/44271
http://www.vupen.com/english/advisories/2011/1014
http://www.vupen.com/english/advisories/2011/1082
XForce ISS Database: libtiff-ojpeg-bo(66774)
http://xforce.iss.net/xforce/xfdb/66774

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.69433
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2011:0452
Summary:	Redhat Security Advisory RHSA-2011:0452
Description:	The remote host is missing updates announced in advisory RHSA-2011:0452. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF image files that were compressed with the JPEG compression algorithm. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2009-5022) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications linked against libtiff must be restarted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0452.html Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5022 http://openwall.com/lists/oss-security/2011/04/12/10 Debian Security Information: DSA-2256 (Google Search) http://www.debian.org/security/2011/dsa-2256 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:078 http://www.redhat.com/support/errata/RHSA-2011-0452.html http://www.ubuntu.com/usn/USN-1120-1 BugTraq ID: 47338 http://www.securityfocus.com/bid/47338 http://securitytracker.com/id?1025380 http://secunia.com/advisories/44271 http://www.vupen.com/english/advisories/2011/1014 http://www.vupen.com/english/advisories/2011/1082 XForce ISS Database: libtiff-ojpeg-bo(66774) http://xforce.iss.net/xforce/xfdb/66774
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com