Test ID:	1.3.6.1.4.1.25623.1.0.841820
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2205-1)
Summary:	The remote host is missing an update for the 'tiff' package(s) announced via the USN-2205-1 advisory.
Description:	Summary: The remote host is missing an update for the 'tiff' package(s) announced via the USN-2205-1 advisory. Vulnerability Insight: Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4231) Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4232) Murray McAllister discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2013-4243) Huzaifa Sidhpurwala discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4244) Affected Software/OS: 'tiff' package(s) on Ubuntu 10.04, Ubuntu 12.04, Ubuntu 12.10, Ubuntu 13.10, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4231 54543 http://secunia.com/advisories/54543 54628 http://secunia.com/advisories/54628 61695 http://www.securityfocus.com/bid/61695 DSA-2744 http://www.debian.org/security/2013/dsa-2744 RHSA-2014:0223 http://rhn.redhat.com/errata/RHSA-2014-0223.html [oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro http://www.openwall.com/lists/oss-security/2013/08/10/2 [tiff] 20130801 Vulnerabilities in libtiff 4.0.3 http://www.asmail.be/msg0055359936.html http://bugzilla.maptools.org/show_bug.cgi?id=2450 https://bugzilla.redhat.com/show_bug.cgi?id=995965 Common Vulnerability Exposure (CVE) ID: CVE-2013-4232 http://bugzilla.maptools.org/show_bug.cgi?id=2449 https://bugzilla.redhat.com/show_bug.cgi?id=995975 Common Vulnerability Exposure (CVE) ID: CVE-2013-4243 62082 http://www.securityfocus.com/bid/62082 GLSA-201701-16 https://security.gentoo.org/glsa/201701-16 http://bugzilla.maptools.org/show_bug.cgi?id=2451 https://bugzilla.redhat.com/show_bug.cgi?id=996052 Common Vulnerability Exposure (CVE) ID: CVE-2013-4244 http://bugzilla.maptools.org/show_bug.cgi?id=2452 https://bugzilla.redhat.com/show_bug.cgi?id=996468 https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.