RedHat Update for libtiff RHSA-2008:0848-01

RedHat Update for libtiff RHSA-2008:0848-01 - Multiple security vulnerabilities and bug fi

Reporter	Title	Published	Views	Family All 158
ALT Linux	Security fix for the ALT Linux 10 package libtiff version 3.8.2-alt2	31 Aug 200800:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 5 package libtiff version 3.8.2-alt2	31 Aug 200800:00	–	altlinux
Tenable Nessus	Mac OS X < 10.5.5 Multiple Vulnerabilities	16 Sep 200800:00	–	nessus
Tenable Nessus	Safari < 3.2 Multiple Vulnerabilities	14 Nov 200800:00	–	nessus
Tenable Nessus	CentOS 5 : libtiff (CESA-2008:0847)	6 Jan 201000:00	–	nessus
Tenable Nessus	CentOS 4 : libtiff (CESA-2008:0848)	29 Jun 201300:00	–	nessus
Tenable Nessus	CentOS 3 : libtiff (CESA-2008:0863)	30 Aug 200800:00	–	nessus
Tenable Nessus	Debian DSA-1091-1 : tiff - buffer overflows	14 Oct 200600:00	–	nessus
Tenable Nessus	Debian DSA-1632-1 : tiff - buffer underflow	27 Aug 200800:00	–	nessus
Tenable Nessus	Fedora Core 5 : libtiff-3.8.2-1.fc5 (2006-952)	17 Jan 200700:00	–	nessus

Source	Link
redhat	www.redhat.com/archives/rhsa-announce/2008-August/msg00026.html

###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for libtiff RHSA-2008:0848-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The libtiff packages contain a library of functions for manipulating Tagged
  Image File Format (TIFF) files.

  Multiple uses of uninitialized values were discovered in libtiff's
  Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
  create a carefully crafted LZW-encoded TIFF file that would cause an
  application linked with libtiff to crash or, possibly, execute arbitrary
  code. (CVE-2008-2327)
  
  Red Hat would like to thank Drew Yao of the Apple Product Security team for
  reporting this issue.
  
  A buffer overflow flaw was discovered in the tiff2pdf conversion program
  distributed with libtiff. An attacker could create a TIFF file containing
  UTF-8 characters that would, when converted to PDF format, cause tiff2pdf
  to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)
  
  Additionally, these updated packages fix the following bug:
  
  * the libtiff packages included manual pages for the sgi2tiff and tiffsv
  commands, which are not included in these packages. These extraneous manual
  pages were removed.
  
  All libtiff users are advised to upgrade to these updated packages, which
  contain backported patches to resolve these issues.";

tag_affected = "libtiff on Red Hat Enterprise Linux AS version 4,
  Red Hat Enterprise Linux ES version 4,
  Red Hat Enterprise Linux WS version 4";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2008-August/msg00026.html");
  script_id(870146);
  script_version("$Revision: 6683 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name: "RHSA", value: "2008:0848-01");
  script_cve_id("CVE-2008-2327", "CVE-2006-2193");
  script_name( "RedHat Update for libtiff RHSA-2008:0848-01");

  script_summary("Check for the Version of libtiff");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "RHENT_4")
{

  if ((res = isrpmvuln(pkg:"libtiff", rpm:"libtiff~3.6.1~12.el4_7.2", rls:"RHENT_4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libtiff-debuginfo", rpm:"libtiff-debuginfo~3.6.1~12.el4_7.2", rls:"RHENT_4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libtiff-devel", rpm:"libtiff-devel~3.6.1~12.el4_7.2", rls:"RHENT_4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

12 Jul 2017 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.05358