Test ID:	1.3.6.1.4.1.25623.1.1.13.2013.290.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2013-290-01)
Summary:	The remote host is missing an update for the 'libtiff' package(s) announced via the SSA:2013-290-01 advisory.
Description:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the SSA:2013-290-01 advisory. Vulnerability Insight: New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/libtiff-3.9.7-i486-1_slack14.0.txz: Upgraded. Patched overflows, crashes, and out of bounds writes. Thanks to mancha for the backported patches. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'libtiff' package(s) on Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2088 49686 http://secunia.com/advisories/49686 50726 http://secunia.com/advisories/50726 54270 http://www.securityfocus.com/bid/54270 APPLE-SA-2013-03-14-1 http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html GLSA-201209-02 http://security.gentoo.org/glsa/glsa-201209-02.xml MDVSA-2012:101 http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 RHSA-2012:1054 http://rhn.redhat.com/errata/RHSA-2012-1054.html SUSE-SU-2012:0894 http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6163 https://bugzilla.redhat.com/show_bug.cgi?id=832864 openSUSE-SU-2012:0829 https://hermes.opensuse.org/messages/15083566 Common Vulnerability Exposure (CVE) ID: CVE-2012-2113 49493 http://secunia.com/advisories/49493 54076 http://www.securityfocus.com/bid/54076 DSA-2552 http://www.debian.org/security/2012/dsa-2552 http://www.remotesensing.org/libtiff/v4.0.2.html https://bugzilla.redhat.com/show_bug.cgi?id=810551 Common Vulnerability Exposure (CVE) ID: CVE-2012-4447 49938 http://secunia.com/advisories/49938 51049 http://secunia.com/advisories/51049 55673 http://www.securityfocus.com/bid/55673 DSA-2561 http://www.debian.org/security/2012/dsa-2561 RHSA-2012:1590 http://rhn.redhat.com/errata/RHSA-2012-1590.html USN-1631-1 http://www.ubuntu.com/usn/USN-1631-1 [oss-security] 20120925 CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression http://www.openwall.com/lists/oss-security/2012/09/25/9 [oss-security] 20120925 Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression http://www.openwall.com/lists/oss-security/2012/09/25/14 http://www.remotesensing.org/libtiff/v4.0.3.html https://bugzilla.redhat.com/show_bug.cgi?id=860198 openSUSE-SU-2013:0187 http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html Common Vulnerability Exposure (CVE) ID: CVE-2012-4564 51133 http://secunia.com/advisories/51133 56372 http://www.securityfocus.com/bid/56372 86878 http://www.osvdb.org/86878 DSA-2575 http://www.debian.org/security/2012/dsa-2575 [oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file http://www.openwall.com/lists/oss-security/2012/11/02/7 [oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file http://www.openwall.com/lists/oss-security/2012/11/02/3 https://bugzilla.redhat.com/show_bug.cgi?id=871700 libtiff-ppm2tiff-bo(79750) https://exchange.xforce.ibmcloud.com/vulnerabilities/79750 Common Vulnerability Exposure (CVE) ID: CVE-2013-1960 53237 http://secunia.com/advisories/53237 53765 http://secunia.com/advisories/53765 59609 http://www.securityfocus.com/bid/59609 DSA-2698 http://www.debian.org/security/2013/dsa-2698 FEDORA-2013-7339 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html FEDORA-2013-7361 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html FEDORA-2013-7369 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html RHSA-2014:0223 http://rhn.redhat.com/errata/RHSA-2014-0223.html [oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws) http://seclists.org/oss-sec/2013/q2/254 https://bugzilla.redhat.com/show_bug.cgi?id=952158 openSUSE-SU-2013:0922 http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html openSUSE-SU-2013:0944 http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1961 59607 http://www.securityfocus.com/bid/59607 https://bugzilla.redhat.com/show_bug.cgi?id=952131 Common Vulnerability Exposure (CVE) ID: CVE-2013-4231 54543 http://secunia.com/advisories/54543 54628 http://secunia.com/advisories/54628 61695 http://www.securityfocus.com/bid/61695 DSA-2744 http://www.debian.org/security/2013/dsa-2744 [oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro http://www.openwall.com/lists/oss-security/2013/08/10/2 [tiff] 20130801 Vulnerabilities in libtiff 4.0.3 http://www.asmail.be/msg0055359936.html http://bugzilla.maptools.org/show_bug.cgi?id=2450 https://bugzilla.redhat.com/show_bug.cgi?id=995965 Common Vulnerability Exposure (CVE) ID: CVE-2013-4232 http://bugzilla.maptools.org/show_bug.cgi?id=2449 https://bugzilla.redhat.com/show_bug.cgi?id=995975 Common Vulnerability Exposure (CVE) ID: CVE-2013-4244 http://bugzilla.maptools.org/show_bug.cgi?id=2452 https://bugzilla.redhat.com/show_bug.cgi?id=996468 https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.