Executive Summary
Summary | |
---|---|
Title | libtiff security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0520 | First vendor Publication | 2010-07-08 |
Vendor | RedHat | Last vendor Modification | 2010-07-08 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Multiple integer overflow flaws, leading to a buffer overflow, were discovered in libtiff. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2010-1411) An input validation flaw was discovered in libtiff. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash. (CVE-2010-2598) Red Hat would like to thank Apple Product Security for responsibly reporting the CVE-2010-1411 flaw, who credit Kevin Finisterre of digitalmunition.com for the discovery of the issue. All libtiff users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 592361 - CVE-2010-1411 libtiff: integer overflows leading to heap overflow in Fax3SetupState 610786 - CVE-2010-2598 libtiff: crash when reading image with not configured compression |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0520.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12688 | |||
Oval ID: | oval:org.mitre.oval:def:12688 | ||
Title: | DSA-2084-1 tiff -- integer overflows | ||
Description: | Kevin Finisterre discovered that several integer overflows in the TIFF library could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 3.8.2-11.3. For the unstable distribution, this problem has been fixed in version 3.9.4-1. We recommend that you upgrade your tiff packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2084-1 CVE-2010-1411 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | tiff |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-02 (tiff) File : nvt/glsa_201209_02.nasl |
2011-08-09 | Name : CentOS Update for libtiff CESA-2010:0519 centos5 i386 File : nvt/gb_CESA-2010_0519_libtiff_centos5_i386.nasl |
2011-05-06 | Name : Fedora Update for mingw32-libtiff FEDORA-2011-5955 File : nvt/gb_fedora_2011_5955_mingw32-libtiff_fc13.nasl |
2011-04-19 | Name : Fedora Update for libtiff FEDORA-2011-3827 File : nvt/gb_fedora_2011_3827_libtiff_fc13.nasl |
2011-03-24 | Name : Ubuntu Update for tiff regression USN-1085-2 File : nvt/gb_ubuntu_USN_1085_2.nasl |
2011-03-15 | Name : Ubuntu Update for tiff vulnerabilities USN-1085-1 File : nvt/gb_ubuntu_USN_1085_1.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2084-1 (tiff) File : nvt/deb_2084_1.nasl |
2010-08-20 | Name : CentOS Update for libtiff CESA-2010:0520 centos3 i386 File : nvt/gb_CESA-2010_0520_libtiff_centos3_i386.nasl |
2010-08-09 | Name : Mandriva Update for libtiff MDVSA-2010:146 (libtiff) File : nvt/gb_mandriva_MDVSA_2010_146.nasl |
2010-08-09 | Name : Mandriva Update for libtiff MDVSA-2010:145 (libtiff) File : nvt/gb_mandriva_MDVSA_2010_145.nasl |
2010-07-12 | Name : Fedora Update for mingw32-libtiff FEDORA-2010-10460 File : nvt/gb_fedora_2010_10460_mingw32-libtiff_fc13.nasl |
2010-07-12 | Name : Fedora Update for mingw32-libtiff FEDORA-2010-10469 File : nvt/gb_fedora_2010_10469_mingw32-libtiff_fc12.nasl |
2010-07-12 | Name : RedHat Update for libtiff RHSA-2010:0520-01 File : nvt/gb_RHSA-2010_0520-01_libtiff.nasl |
2010-07-12 | Name : RedHat Update for libtiff RHSA-2010:0519-01 File : nvt/gb_RHSA-2010_0519-01_libtiff.nasl |
2010-07-06 | Name : Fedora Update for libtiff FEDORA-2010-10333 File : nvt/gb_fedora_2010_10333_libtiff_fc12.nasl |
2010-07-06 | Name : FreeBSD Ports: tiff File : nvt/freebsd_tiff6.nasl |
2010-07-02 | Name : Fedora Update for libtiff FEDORA-2010-10334 File : nvt/gb_fedora_2010_10334_libtiff_fc13.nasl |
2010-06-25 | Name : Fedora Update for libtiff FEDORA-2010-10359 File : nvt/gb_fedora_2010_10359_libtiff_fc11.nasl |
2010-06-25 | Name : Ubuntu Update for tiff vulnerabilities USN-954-1 File : nvt/gb_ubuntu_USN_954_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-180-02 libtiff File : nvt/esoft_slk_ssa_2010_180_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65972 | LibTIFF on RHEL Unconfigured Compression Functionality Downsampled OJPEG Inpu... |
65296 | Apple Safari ImageIO TIFF File Handling Multiple Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0520.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0519.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-02.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100708_libtiff_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-03-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1085-2.nasl - Type : ACT_GATHER_INFO |
2011-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1085-1.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtiff-7052.nasl - Type : ACT_GATHER_INFO |
2010-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0520.nasl - Type : ACT_GATHER_INFO |
2010-08-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-146.nasl - Type : ACT_GATHER_INFO |
2010-08-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-145.nasl - Type : ACT_GATHER_INFO |
2010-08-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2084.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0520.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0519.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0519.nasl - Type : ACT_GATHER_INFO |
2010-07-07 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10469.nasl - Type : ACT_GATHER_INFO |
2010-07-07 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10460.nasl - Type : ACT_GATHER_INFO |
2010-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10333.nasl - Type : ACT_GATHER_INFO |
2010-07-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10334.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10359.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-180-02.nasl - Type : ACT_GATHER_INFO |
2010-06-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-954-1.nasl - Type : ACT_GATHER_INFO |
2010-06-17 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_9_2_banner.nasl - Type : ACT_GATHER_INFO |
2010-06-17 | Name : The remote host contains an application that is affected by multiple vulnerab... File : itunes_9_2.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2010-004.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_4.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12618.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libtiff-devel-100525.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libtiff-devel-100524.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libtiff-devel-100525.nasl - Type : ACT_GATHER_INFO |
2010-06-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_313da7dc763b11dfbcce0018f3e2eb82.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:36 |
|