Test Kennung:	1.3.6.1.4.1.25623.1.0.64502
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2009:169 (libtiff)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to libtiff announced via advisory MDVSA-2009:169. Multiple vulnerabilities has been found and corrected in libtiff: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:169 CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2327 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html BugTraq ID: 30832 http://www.securityfocus.com/bid/30832 Bugtraq: 20080905 rPSA-2008-0268-1 libtiff (Google Search) http://www.securityfocus.com/archive/1/496033/100/0/threaded Bugtraq: 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff (Google Search) http://www.securityfocus.com/archive/1/497962/100/0/threaded Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html Debian Security Information: DSA-1632 (Google Search) http://www.debian.org/security/2008/dsa-1632 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html http://security.gentoo.org/glsa/glsa-200809-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:184 http://www.vmware.com/security/advisories/VMSA-2008-0017.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514 http://www.redhat.com/support/errata/RHSA-2008-0847.html http://www.redhat.com/support/errata/RHSA-2008-0848.html http://www.redhat.com/support/errata/RHSA-2008-0863.html http://www.securitytracker.com/id?1020750 http://secunia.com/advisories/31610 http://secunia.com/advisories/31623 http://secunia.com/advisories/31668 http://secunia.com/advisories/31670 http://secunia.com/advisories/31698 http://secunia.com/advisories/31838 http://secunia.com/advisories/31882 http://secunia.com/advisories/31982 http://secunia.com/advisories/32706 http://secunia.com/advisories/32756 http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.ubuntu.com/usn/usn-639-1 http://www.vupen.com/english/advisories/2008/2438 http://www.vupen.com/english/advisories/2008/2584 http://www.vupen.com/english/advisories/2008/2776 http://www.vupen.com/english/advisories/2008/2971 http://www.vupen.com/english/advisories/2008/3107 http://www.vupen.com/english/advisories/2008/3232 http://www.vupen.com/english/advisories/2009/2143 Common Vulnerability Exposure (CVE) ID: CVE-2009-2285 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html Debian Security Information: DSA-1835 (Google Search) http://www.debian.org/security/2009/dsa-1835 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html http://security.gentoo.org/glsa/glsa-200908-03.xml http://www.lan.st/showthread.php?t=1856&page=3 http://www.openwall.com/lists/oss-security/2009/06/22/1 http://www.openwall.com/lists/oss-security/2009/06/23/1 http://www.openwall.com/lists/oss-security/2009/06/29/5 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049 http://www.redhat.com/support/errata/RHSA-2009-1159.html http://secunia.com/advisories/35695 http://secunia.com/advisories/35716 http://secunia.com/advisories/35866 http://secunia.com/advisories/35883 http://secunia.com/advisories/35912 http://secunia.com/advisories/36194 http://secunia.com/advisories/36831 http://secunia.com/advisories/38241 http://secunia.com/advisories/39135 http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1 https://usn.ubuntu.com/797-1/ http://www.vupen.com/english/advisories/2009/1637 http://www.vupen.com/english/advisories/2009/2727 http://www.vupen.com/english/advisories/2009/3184 http://www.vupen.com/english/advisories/2010/0173 Common Vulnerability Exposure (CVE) ID: CVE-2009-2347 BugTraq ID: 35652 http://www.securityfocus.com/bid/35652 Bugtraq: 20090713 [oCERT-2009-012] libtiff tools integer overflows (Google Search) http://www.securityfocus.com/archive/1/504892/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:150 http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 http://www.ocert.org/advisories/ocert-2009-012.html http://osvdb.org/55821 http://osvdb.org/55822 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988 http://www.securitytracker.com/id?1022539 http://secunia.com/advisories/35811 http://secunia.com/advisories/35817 http://secunia.com/advisories/35911 http://secunia.com/advisories/50726 http://www.ubuntu.com/usn/USN-801-1 http://www.vupen.com/english/advisories/2009/1870 http://www.vupen.com/english/advisories/2011/0621 XForce ISS Database: libtiff-rgb2ycbcr-tiff2rgba-bo(51688) https://exchange.xforce.ibmcloud.com/vulnerabilities/51688
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.