
Test ID: 1.3.6.1.4.1.25623.1.0.831361
Category: Mandrake Local Security Checks
Title: Mandriva Update for libtiff MDVSA-2011:064 (libtiff)
Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'libtiff'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Multiple vulnerabilities were discovered and corrected in libtiff:

Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a crafted
TIFF image with JPEG encoding (CVE-2011-0191).

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder
in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers
to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a
.tiff file that has an unexpected BitsPerSample value (CVE-2011-1167).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct these issues.

Affected Software/OS:
libtiff on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2011-0191
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
BugTraq ID: 46657
http://www.securityfocus.com/bid/46657
Debian Security Information: DSA-2210
http://www.debian.org/security/2011/dsa-2210
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
http://secunia.com/advisories/43934
SuSE Security Announcement: SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
SuSE Security Announcement: SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0845
http://www.vupen.com/english/advisories/2011/0859
Common Vulnerability Exposure (CVE) ID: CVE-2011-1167
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
BugTraq ID: 46951
http://www.securityfocus.com/bid/46951
Bugtraq: 20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/517101/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://www.zerodayinitiative.com/advisories/ZDI-11-107
http://www.osvdb.org/71256
http://www.redhat.com/support/errata/RHSA-2011-0392.html
http://www.securitytracker.com/id?1025257
http://secunia.com/advisories/43900
http://secunia.com/advisories/43974
http://secunia.com/advisories/44117
http://secunia.com/advisories/44135
http://secunia.com/advisories/50726
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
http://securityreason.com/securityalert/8165
http://ubuntu.com/usn/usn-1102-1
http://www.vupen.com/english/advisories/2011/0795
http://www.vupen.com/english/advisories/2011/0860
http://www.vupen.com/english/advisories/2011/0905
http://www.vupen.com/english/advisories/2011/0930
http://www.vupen.com/english/advisories/2011/0960
XForce ISS Database: libtiff-thundercode-decoder-bo(66247)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66247
Copyright: Copyright (c) 2011 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.