Test ID: 1.3.6.1.4.1.25623.1.0.881891
Category: CentOS Local Security Checks
Title: CentOS Update for libtiff CESA-2014:0222 centos6
Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory.

Description:

Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory.

Vulnerability Insight: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

A flaw was found in the way libtiff handled OJPEG-encoded TIFF images. An attacker could use this flaw to create a specially crafted TIFF file that would cause an application using libtiff to crash. (CVE-2010-2596)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash. (CVE-2013-1961)

Red Hat would like to thank Emmanuel Bouillon of NCI Agency for reporting CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was discovered by Murray McAllister of the Red Hat Security Response Team, and the CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

All libtiff users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against libtiff must be restarted for this update to take effect.

Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at the linked references.

Bugs fixed: 610759 - CVE-2010-2596 libtiff: assertion failure on downsampled OJPEG file

Affected Software/OS: libtiff on CentOS 6
Solution: Please install the updated packages.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:

CVE-2010-2596
- http://security.gentoo.org/glsa/glsa-201209-02.xml
- http://marc.info/?l=oss-security&m=127731610612908&w=2
- http://secunia.com/advisories/40422
- http://secunia.com/advisories/50726

CVE-2013-1960
- 53237: http://secunia.com/advisories/53237
- 53765: http://secunia.com/advisories/53765
- 59609: http://www.securityfocus.com/bid/59609
- DSA-2698: http://www.debian.org/security/2013/dsa-2698
- FEDORA-2013-7339: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html
- FEDORA-2013-7361: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html
- FEDORA-2013-7369: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html
- RHSA-2014:0223: http://rhn.redhat.com/errata/RHSA-2014-0223.html
- [oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws): http://seclists.org/oss-sec/2013/q2/254
- https://bugzilla.redhat.com/show_bug.cgi?id=952158
- openSUSE-SU-2013:0922: http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
- openSUSE-SU-2013:0944: http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html

CVE-2013-1961
- 59607: http://www.securityfocus.com/bid/59607
- https://bugzilla.redhat.com/show_bug.cgi?id=952131

CVE-2013-4231
- 54543: http://secunia.com/advisories/54543
- 54628: http://secunia.com/advisories/54628
- 61695: http://www.securityfocus.com/bid/61695
- DSA-2744: http://www.debian.org/security/2013/dsa-2744
- [oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro: http://www.openwall.com/lists/oss-security/2013/08/10/2
- [tiff] 20130801 Vulnerabilities in libtiff 4.0.3: http://www.asmail.be/msg0055359936.html
- http://bugzilla.maptools.org/show_bug.cgi?id=2450
- https://bugzilla.redhat.com/show_bug.cgi?id=995965

CVE-2013-4232
- http://bugzilla.maptools.org/show_bug.cgi?id=2449
- https://bugzilla.redhat.com/show_bug.cgi?id=995975

CVE-2013-4243
- 62082: http://www.securityfocus.com/bid/62082
- GLSA-201701-16: https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2451
- https://bugzilla.redhat.com/show_bug.cgi?id=996052

CVE-2013-4244
- http://bugzilla.maptools.org/show_bug.cgi?id=2452
- https://bugzilla.redhat.com/show_bug.cgi?id=996468
- https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833
Copyright (C) 2014 Greenbone AG