Test ID:	1.3.6.1.4.1.25623.1.0.71694
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1416-1 (libtiff4)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libtiff4 announced via advisory USN-1416-1. Details: Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2012-1173) It was discovered that the tiffdump utility incorrectly handled directory data structures with many directory entries. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2010-4665) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libtiff4 3.9.5-1ubuntu1.1 Ubuntu 11.04: libtiff4 3.9.4-5ubuntu6.1 Ubuntu 10.10: libtiff4 3.9.4-2ubuntu0.5 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.8 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.10 http://www.securityspace.com/smysecure/catid.html?in=USN-1416-1 CVSS Score: 6.8 CVSS Vector: AV:L/AC:H/Au:NR/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1173 1026895 http://www.securitytracker.com/id?1026895 48684 http://secunia.com/advisories/48684 48722 http://secunia.com/advisories/48722 48735 http://secunia.com/advisories/48735 48757 http://secunia.com/advisories/48757 48893 http://secunia.com/advisories/48893 50726 http://secunia.com/advisories/50726 52891 http://www.securityfocus.com/bid/52891 81025 http://www.osvdb.org/81025 APPLE-SA-2012-09-19-1 http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html APPLE-SA-2012-09-19-2 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html DSA-2447 http://www.debian.org/security/2012/dsa-2447 FEDORA-2012-5406 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html FEDORA-2012-5410 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html FEDORA-2012-5463 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2012:054 http://www.mandriva.com/security/advisories?name=MDVSA-2012:054 RHSA-2012:0468 http://rhn.redhat.com/errata/RHSA-2012-0468.html USN-1416-1 http://ubuntu.com/usn/usn-1416-1 http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff http://bugzilla.maptools.org/show_bug.cgi?id=2369 http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt http://support.apple.com/kb/HT5501 http://support.apple.com/kb/HT5503 https://downloads.avaya.com/css/P8/documents/100161772 libtiff-gttileseparate-bo(74656) https://exchange.xforce.ibmcloud.com/vulnerabilities/74656 openSUSE-SU-2012:0539 https://hermes.opensuse.org/messages/14302713 Common Vulnerability Exposure (CVE) ID: CVE-2010-4665 44271 http://secunia.com/advisories/44271 47338 http://www.securityfocus.com/bid/47338 DSA-2552 http://www.debian.org/security/2012/dsa-2552 FEDORA-2011-5304 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html [oss-security] 20110412 libtiff CVE assignments http://openwall.com/lists/oss-security/2011/04/12/10 http://bugzilla.maptools.org/show_bug.cgi?id=2218 http://www.remotesensing.org/libtiff/v3.9.5.html https://bugzilla.redhat.com/show_bug.cgi?id=695887
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.