Scientific Linux Security Update : libtiff on SL4.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

A heap-based buffer overflow flaw was found in the way libtiff
processed certain TIFF files encoded with a 4-bit run-length encoding
scheme from ThunderScan. An attacker could use this flaw to create a
specially crafted TIFF file that, when opened, would cause an
application linked against libtiff to crash or, possibly, execute
arbitrary code. (CVE-2011-1167)

This update also fixes the following bug :

- A prior libtiff update introduced a regression that
prevented certain TIFF Internet Fax image files,
compressed with the CCITT Group 4 compression algorithm,
from being read. (BZ#688825)

See also :

Solution :

Update the affected libtiff and / or libtiff-devel packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60999 ()

Bugtraq ID:

CVE ID: CVE-2011-1167

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now