RedHat Update for libtiff RHSA-2008:0848-01

2009-03-06T00:00:00
ID OPENVAS:1361412562310870146
Type openvas
Reporter Copyright (C) 2009 Greenbone Networks GmbH
Modified 2018-04-06T00:00:00

Description

Check for the Version of libtiff

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for libtiff RHSA-2008:0848-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The libtiff packages contain a library of functions for manipulating Tagged
  Image File Format (TIFF) files.

  Multiple uses of uninitialized values were discovered in libtiff's
  Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
  create a carefully crafted LZW-encoded TIFF file that would cause an
  application linked with libtiff to crash or, possibly, execute arbitrary
  code. (CVE-2008-2327)
  
  Red Hat would like to thank Drew Yao of the Apple Product Security team for
  reporting this issue.
  
  A buffer overflow flaw was discovered in the tiff2pdf conversion program
  distributed with libtiff. An attacker could create a TIFF file containing
  UTF-8 characters that would, when converted to PDF format, cause tiff2pdf
  to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)
  
  Additionally, these updated packages fix the following bug:
  
  * the libtiff packages included manual pages for the sgi2tiff and tiffsv
  commands, which are not included in these packages. These extraneous manual
  pages were removed.
  
  All libtiff users are advised to upgrade to these updated packages, which
  contain backported patches to resolve these issues.";

tag_affected = "libtiff on Red Hat Enterprise Linux AS version 4,
  Red Hat Enterprise Linux ES version 4,
  Red Hat Enterprise Linux WS version 4";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2008-August/msg00026.html");
  script_oid("1.3.6.1.4.1.25623.1.0.870146");
  script_version("$Revision: 9370 $");
  script_tag(name:"last_modification", value:"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $");
  script_tag(name:"creation_date", value:"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name: "RHSA", value: "2008:0848-01");
  script_cve_id("CVE-2008-2327", "CVE-2006-2193");
  script_name( "RedHat Update for libtiff RHSA-2008:0848-01");

  script_tag(name:"summary", value:"Check for the Version of libtiff");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "RHENT_4")
{

  if ((res = isrpmvuln(pkg:"libtiff", rpm:"libtiff~3.6.1~12.el4_7.2", rls:"RHENT_4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libtiff-debuginfo", rpm:"libtiff-debuginfo~3.6.1~12.el4_7.2", rls:"RHENT_4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libtiff-devel", rpm:"libtiff-devel~3.6.1~12.el4_7.2", rls:"RHENT_4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}