Test ID:	1.3.6.1.4.1.25623.1.0.881115
Category:	CentOS Local Security Checks
Title:	CentOS Update for libtiff CESA-2012:0468 centos6
Summary:	The remote host is missing an update for the 'libtiff'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory. Vulnerability Insight: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect. Affected Software/OS: libtiff on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1173 1026895 http://www.securitytracker.com/id?1026895 48684 http://secunia.com/advisories/48684 48722 http://secunia.com/advisories/48722 48735 http://secunia.com/advisories/48735 48757 http://secunia.com/advisories/48757 48893 http://secunia.com/advisories/48893 50726 http://secunia.com/advisories/50726 52891 http://www.securityfocus.com/bid/52891 81025 http://www.osvdb.org/81025 APPLE-SA-2012-09-19-1 http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html APPLE-SA-2012-09-19-2 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html DSA-2447 http://www.debian.org/security/2012/dsa-2447 FEDORA-2012-5406 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html FEDORA-2012-5410 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html FEDORA-2012-5463 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2012:054 http://www.mandriva.com/security/advisories?name=MDVSA-2012:054 RHSA-2012:0468 http://rhn.redhat.com/errata/RHSA-2012-0468.html USN-1416-1 http://ubuntu.com/usn/usn-1416-1 http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff http://bugzilla.maptools.org/show_bug.cgi?id=2369 http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt http://support.apple.com/kb/HT5501 http://support.apple.com/kb/HT5503 https://downloads.avaya.com/css/P8/documents/100161772 libtiff-gttileseparate-bo(74656) https://exchange.xforce.ibmcloud.com/vulnerabilities/74656 openSUSE-SU-2012:0539 https://hermes.opensuse.org/messages/14302713
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.