Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:888

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51379

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2004:888

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2004:888.

libtiff[1] is a library for handling TIFF images.

This announcement fixes several integer overflow vulnerabilities that
were encountered in libtiff.

The fixed vulnerabilities are:

CVE-2004-0803: Chris Evans encountered several problems in the RLE
(Run Length Encoding) decoders that could lead to an arbitrary code
execution vulnerability through a specially crafted image.

CVE-2004-0804: Matthias Clasen encountered a division by zero through
an integer overflow that could lead to a denial of service
vulnerability which could be triggered by a specially crafted image.

CVE-2004-0886: Dmitry V. Levin encountered several integer overflows
that caused malloc issues which could result in either plain a crash
or memory corruption.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.libtiff.org
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0886
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0803
BugTraq ID: 11406
http://www.securityfocus.com/bid/11406
Bugtraq: 20041013 CESA-2004-006: libtiff (Google Search)
http://marc.info/?l=bugtraq&m=109778785107450&w=2
CERT/CC vulnerability note: VU#948752
http://www.kb.cert.org/vuls/id/948752
Conectiva Linux advisory: CLA-2004:888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Debian Security Information: DSA-567 (Google Search)
http://www.debian.org/security/2004/dsa-567
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://scary.beasts.org/security/CESA-2004-006.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896
http://www.redhat.com/support/errata/RHSA-2004-577.html
http://www.redhat.com/support/errata/RHSA-2005-021.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://secunia.com/advisories/12818
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
SuSE Security Announcement: SUSE-SA:2004:038 (Google Search)
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
XForce ISS Database: libtiff-library-decoding-bo(17703)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17703
Common Vulnerability Exposure (CVE) ID: CVE-2004-0804
CERT/CC vulnerability note: VU#555304
http://www.kb.cert.org/vuls/id/555304
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
XForce ISS Database: libtiff-dos(17755)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Common Vulnerability Exposure (CVE) ID: CVE-2004-0886
CERT/CC vulnerability note: VU#687568
http://www.kb.cert.org/vuls/id/687568
Computer Incident Advisory Center Bulletin: P-015
http://www.ciac.org/ciac/bulletins/p-015.shtml
http://marc.info/?l=bugtraq&m=109779465621929&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907
http://securitytracker.com/id?1011674
http://www.trustix.org/errata/2004/0054/
XForce ISS Database: libtiff-bo(17715)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17715

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51379
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:888
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:888. libtiff[1] is a library for handling TIFF images. This announcement fixes several integer overflow vulnerabilities that were encountered in libtiff. The fixed vulnerabilities are: CVE-2004-0803: Chris Evans encountered several problems in the RLE (Run Length Encoding) decoders that could lead to an arbitrary code execution vulnerability through a specially crafted image. CVE-2004-0804: Matthias Clasen encountered a division by zero through an integer overflow that could lead to a denial of service vulnerability which could be triggered by a specially crafted image. CVE-2004-0886: Dmitry V. Levin encountered several integer overflows that caused malloc issues which could result in either plain a crash or memory corruption. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.libtiff.org http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0886 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:888 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0803 BugTraq ID: 11406 http://www.securityfocus.com/bid/11406 Bugtraq: 20041013 CESA-2004-006: libtiff (Google Search) http://marc.info/?l=bugtraq&m=109778785107450&w=2 CERT/CC vulnerability note: VU#948752 http://www.kb.cert.org/vuls/id/948752 Conectiva Linux advisory: CLA-2004:888 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 Debian Security Information: DSA-567 (Google Search) http://www.debian.org/security/2004/dsa-567 http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:109 http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 http://scary.beasts.org/security/CESA-2004-006.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896 http://www.redhat.com/support/errata/RHSA-2004-577.html http://www.redhat.com/support/errata/RHSA-2005-021.html http://www.redhat.com/support/errata/RHSA-2005-354.html http://secunia.com/advisories/12818 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 SuSE Security Announcement: SUSE-SA:2004:038 (Google Search) http://www.novell.com/linux/security/advisories/2004_38_libtiff.html XForce ISS Database: libtiff-library-decoding-bo(17703) https://exchange.xforce.ibmcloud.com/vulnerabilities/17703 Common Vulnerability Exposure (CVE) ID: CVE-2004-0804 CERT/CC vulnerability note: VU#555304 http://www.kb.cert.org/vuls/id/555304 http://bugzilla.remotesensing.org/show_bug.cgi?id=111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711 XForce ISS Database: libtiff-dos(17755) https://exchange.xforce.ibmcloud.com/vulnerabilities/17755 Common Vulnerability Exposure (CVE) ID: CVE-2004-0886 CERT/CC vulnerability note: VU#687568 http://www.kb.cert.org/vuls/id/687568 Computer Incident Advisory Center Bulletin: P-015 http://www.ciac.org/ciac/bulletins/p-015.shtml http://marc.info/?l=bugtraq&m=109779465621929&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907 http://securitytracker.com/id?1011674 http://www.trustix.org/errata/2004/0054/ XForce ISS Database: libtiff-bo(17715) https://exchange.xforce.ibmcloud.com/vulnerabilities/17715
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com