Test ID:	1.3.6.1.4.1.25623.1.0.840976
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1416-1)
Summary:	The remote host is missing an update for the 'tiff' package(s) announced via the USN-1416-1 advisory.
Description:	Summary: The remote host is missing an update for the 'tiff' package(s) announced via the USN-1416-1 advisory. Vulnerability Insight: Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2012-1173) It was discovered that the tiffdump utility incorrectly handled directory data structures with many directory entries. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2010-4665) Affected Software/OS: 'tiff' package(s) on Ubuntu 8.04, Ubuntu 10.04, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4665 44271 http://secunia.com/advisories/44271 47338 http://www.securityfocus.com/bid/47338 50726 http://secunia.com/advisories/50726 DSA-2552 http://www.debian.org/security/2012/dsa-2552 FEDORA-2011-5304 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html USN-1416-1 http://ubuntu.com/usn/usn-1416-1 [oss-security] 20110412 libtiff CVE assignments http://openwall.com/lists/oss-security/2011/04/12/10 http://bugzilla.maptools.org/show_bug.cgi?id=2218 http://www.remotesensing.org/libtiff/v3.9.5.html https://bugzilla.redhat.com/show_bug.cgi?id=695887 Common Vulnerability Exposure (CVE) ID: CVE-2012-1173 1026895 http://www.securitytracker.com/id?1026895 48684 http://secunia.com/advisories/48684 48722 http://secunia.com/advisories/48722 48735 http://secunia.com/advisories/48735 48757 http://secunia.com/advisories/48757 48893 http://secunia.com/advisories/48893 52891 http://www.securityfocus.com/bid/52891 81025 http://www.osvdb.org/81025 APPLE-SA-2012-09-19-1 http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html APPLE-SA-2012-09-19-2 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html DSA-2447 http://www.debian.org/security/2012/dsa-2447 FEDORA-2012-5406 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html FEDORA-2012-5410 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html FEDORA-2012-5463 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html MDVSA-2012:054 http://www.mandriva.com/security/advisories?name=MDVSA-2012:054 RHSA-2012:0468 http://rhn.redhat.com/errata/RHSA-2012-0468.html http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff http://bugzilla.maptools.org/show_bug.cgi?id=2369 http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt http://support.apple.com/kb/HT5501 http://support.apple.com/kb/HT5503 https://downloads.avaya.com/css/P8/documents/100161772 libtiff-gttileseparate-bo(74656) https://exchange.xforce.ibmcloud.com/vulnerabilities/74656 openSUSE-SU-2012:0539 https://hermes.opensuse.org/messages/14302713
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.