Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.69350 |
Kategorie: | Ubuntu Local Security Checks |
Titel: | Ubuntu USN-1085-2 (tiff) |
Zusammenfassung: | NOSUMMARY |
Beschreibung: | Description: The remote host is missing an update to tiff announced via advisory USN-1085-2. Details follow: USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream fixes were incomplete and created problems for certain CCITTFAX4 files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482) Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.10. (CVE-2010-2482) Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2595) Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598) It was discovered that the TIFF library incorrectly validated certain data types. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2630) It was discovered that the TIFF library incorrectly handled downsampled JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-3087) It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10. (CVE-2011-0191) It was discovered that the TIFF library incorrectly handled certain TIFF FAX images. If a user or automated system were tricked into opening a specially crafted TIFF FAX image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2011-0191) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.10 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.8 Ubuntu 9.10: libtiff4 3.8.2-13ubuntu0.5 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.5 Ubuntu 10.10: libtiff4 3.9.4-2ubuntu0.2 After a standard system update you need to restart your session to make all the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-1085-2 Risk factor : Critical CVSS Score: 9.3 |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-2482 Debian Security Information: DSA-2552 (Google Search) http://www.debian.org/security/2012/dsa-2552 http://security.gentoo.org/glsa/glsa-201209-02.xml http://marc.info/?l=oss-security&m=127736307002102&w=2 http://marc.info/?l=oss-security&m=127738540902757&w=2 http://www.openwall.com/lists/oss-security/2010/06/30/22 http://marc.info/?l=oss-security&m=127797353202873&w=2 http://secunia.com/advisories/40422 http://secunia.com/advisories/50726 Common Vulnerability Exposure (CVE) ID: CVE-2010-2595 http://marc.info/?l=oss-security&m=127731610612908&w=2 http://www.redhat.com/support/errata/RHSA-2010-0519.html http://secunia.com/advisories/40527 http://www.vupen.com/english/advisories/2010/1761 Common Vulnerability Exposure (CVE) ID: CVE-2010-2597 Common Vulnerability Exposure (CVE) ID: CVE-2010-2598 http://www.redhat.com/support/errata/RHSA-2010-0520.html http://secunia.com/advisories/40536 Common Vulnerability Exposure (CVE) ID: CVE-2010-2630 Common Vulnerability Exposure (CVE) ID: CVE-2010-3087 SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2011-0191 http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html BugTraq ID: 46657 http://www.securityfocus.com/bid/46657 Debian Security Information: DSA-2210 (Google Search) http://www.debian.org/security/2011/dsa-2210 http://www.mandriva.com/security/advisories?name=MDVSA-2011:064 http://secunia.com/advisories/43934 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.vupen.com/english/advisories/2011/0845 http://www.vupen.com/english/advisories/2011/0859 |
Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |