Test ID: 1.3.6.1.4.1.25623.1.0.72589
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2012:174 (libtiff)
Summary: NOSUMMARY
Description:
The remote host is missing an update to libtiff
announced via advisory MDVSA-2012:174.

Multiple vulnerabilities were found and corrected in libtiff:

Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3
allows remote attackers to cause a denial of service (application
crash) and possibly execute arbitrary code via a crafted TIFF image
using the PixarLog Compression format (CVE-2012-4447).

ppm2tiff does not check the return value of the TIFFScanlineSize
function, which allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted PPM image
that triggers an integer overflow, a zero-memory allocation, and a
heap-based buffer overflow (CVE-2012-4564).

The updated packages have been patched to correct these issues.

Affected: 2011., Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:174

Risk factor : High

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-4447
49938
http://secunia.com/advisories/49938
51049
http://secunia.com/advisories/51049
55673
http://www.securityfocus.com/bid/55673
DSA-2561
http://www.debian.org/security/2012/dsa-2561
RHSA-2012:1590
http://rhn.redhat.com/errata/RHSA-2012-1590.html
USN-1631-1
http://www.ubuntu.com/usn/USN-1631-1
[oss-security] 20120925 CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression
http://www.openwall.com/lists/oss-security/2012/09/25/9
[oss-security] 20120925 Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression
http://www.openwall.com/lists/oss-security/2012/09/25/14
http://www.remotesensing.org/libtiff/v4.0.3.html
https://bugzilla.redhat.com/show_bug.cgi?id=860198
openSUSE-SU-2013:0187
http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-4564
51133
http://secunia.com/advisories/51133
56372
http://www.securityfocus.com/bid/56372
86878
http://www.osvdb.org/86878
DSA-2575
http://www.debian.org/security/2012/dsa-2575
[oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
http://www.openwall.com/lists/oss-security/2012/11/02/7
[oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
http://www.openwall.com/lists/oss-security/2012/11/02/3
https://bugzilla.redhat.com/show_bug.cgi?id=871700
libtiff-ppm2tiff-bo(79750)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79750
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
