Summary: The remote host is missing an update for the Debian 'tiff' package(s) announced via the DLA-221-1 advisory.
Vulnerability Insight: Several vulnerabilities have been discovered in the LibTIFF library and utilities for the Tag Image File Format. These could lead to a denial of service, information disclosure or privilege escalation.
CVE-2014-8128: William Robinet discovered that out-of-bounds writes are triggered in several of the LibTIFF utilities when processing crafted TIFF files. Other applications using LibTIFF are also likely to be affected in the same way.
CVE-2014-8129: William Robinet discovered that out-of-bounds reads and writes are triggered in tiff2pdf when processing crafted TIFF files. Other applications using LibTIFF are also likely to be affected in the same way.
CVE-2014-9330: Paris Zoumpouloglou discovered that out-of-bounds reads and writes are triggered in bmp2tiff when processing crafted BMP files.
CVE-2014-9655: Michal Zalewski discovered that out-of-bounds reads and writes are triggered in LibTIFF when processing crafted TIFF files.
For the oldoldstable distribution (squeeze), these problems have been fixed in version 3.9.4-5+squeeze12.
For the oldstable distribution (wheezy), these problems will be fixed soon.
The stable distribution (jessie) was not affected by these problems as they were fixed before release.
Affected Software/OS: 'tiff' package(s) on Debian 6.
Solution: Please install the updated package(s).
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P