Mandriva Linux Security Advisory : libtiff (MDVSA-2011:043)

high Nessus Plugin ID 52592

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

A buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding (CVE-2011-0192).

Additionally it was discovered that the fixes for CVE-2009-2347 and CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2 and being resolved as well.

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

See Also

https://support.apple.com/en-us/HT4554

Plugin Details

Severity: High

ID: 52592

File Name: mandriva_MDVSA-2011-043.nasl

Version: 1.13

Type: local

Published: 3/9/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64tiff-devel, p-cpe:/a:mandriva:linux:lib64tiff-static-devel, p-cpe:/a:mandriva:linux:lib64tiff3, p-cpe:/a:mandriva:linux:lib64tiff3-devel, p-cpe:/a:mandriva:linux:lib64tiff3-static-devel, p-cpe:/a:mandriva:linux:libtiff-devel, p-cpe:/a:mandriva:linux:libtiff-progs, p-cpe:/a:mandriva:linux:libtiff-static-devel, p-cpe:/a:mandriva:linux:libtiff3, p-cpe:/a:mandriva:linux:libtiff3-devel, p-cpe:/a:mandriva:linux:libtiff3-static-devel, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2010.0, cpe:/o:mandriva:linux:2010.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/8/2011

Reference Information

CVE: CVE-2009-2347, CVE-2010-2065, CVE-2011-0192

BID: 35652, 41011, 46658

CWE: 189

MDVSA: 2011:043