ID OPENVAS:870146 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-07-12T00:00:00
Description
Check for the Version of libtiff
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for libtiff RHSA-2008:0848-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# NOTE(review): nothing in this file calls a revisions-lib.inc symbol by name;
# presumably it supplies the version-comparison helpers needed by the package
# check further down -- confirm before removing.
include("revisions-lib.inc");
# Advisory text for RHSA-2008:0848-01, handed unchanged to
# script_tag(name:"insight") in the description block. The two issues differ in
# reach: CVE-2008-2327 sits in the library's LZW decoder and so concerns any
# application linked with libtiff, while CVE-2006-2193 is in the tiff2pdf
# conversion program shipped with the package.
tag_insight = "The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.
Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)
Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.
A buffer overflow flaw was discovered in the tiff2pdf conversion program
distributed with libtiff. An attacker could create a TIFF file containing
UTF-8 characters that would, when converted to PDF format, cause tiff2pdf
to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)
Additionally, these updated packages fix the following bug:
* the libtiff packages included manual pages for the sgi2tiff and tiffsv
commands, which are not included in these packages. These extraneous manual
pages were removed.
All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.";
# Products named by the advisory. The detection code below compares the stored
# release string against "RHENT_4" only.
tag_affected = "libtiff on Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4";
# Remediation text attached to the result via script_tag(name:"solution").
tag_solution = "Please Install the Updated Packages.";
if (description)
{
  # Identity and revision of this check.
  script_id(870146);
  script_version("$Revision: 6683 $");
  script_name("RedHat Update for libtiff RHSA-2008:0848-01");
  script_summary("Check for the Version of libtiff");
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_tag(name:"last_modification", value:"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)");

  # One base score and vector for the whole advisory, although it lists two
  # CVEs; triage per CVE if their exposure differs in your environment.
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # Vendor advisory and CVE references.
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00026.html");
  script_xref(name:"RHSA", value:"2008:0848-01");
  script_cve_id("CVE-2008-2327", "CVE-2006-2193");

  # Scheduling: an information-gathering check that depends on
  # gather-package-list.nasl and requires the two ssh/login knowledge-base
  # keys, i.e. it only runs where an authenticated package listing exists.
  script_category(ACT_GATHER_INFO);
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");

  # Result text, plus how the verdict is reached: qod_type "package" marks a
  # verdict based on installed package versions, not on probing the flaws.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
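# isrpmvuln() is not defined in this file; it is expected to come from this
# include.
include("pkg-lib-rpm.inc");

# Release identifier read from the knowledge base. script_dependencies names
# gather-package-list.nasl, which presumably stores it during the
# authenticated login -- confirm against that script.
release = get_kb_item("ssh/login/release");
res = "";

# No release string means the package list cannot be interpreted. The script
# leaves with exit(0) here, not with the exit(99) it uses for "Not vulnerable",
# so a host without this key gets no verdict at all.
if(release == NULL){
  exit(0);
}

if(release == "RHENT_4")
{
  # Every package of the advisory is compared against the fixed build
  # 3.6.1-12.el4_7.2, and all findings are collected before reporting.
  # Stopping at the first hit would leave further outdated packages out of
  # the result, so remediation tracking would under-count what must be updated.
  report = "";

  if ((res = isrpmvuln(pkg:"libtiff", rpm:"libtiff~3.6.1~12.el4_7.2", rls:"RHENT_4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"libtiff-debuginfo", rpm:"libtiff-debuginfo~3.6.1~12.el4_7.2", rls:"RHENT_4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"libtiff-devel", rpm:"libtiff-devel~3.6.1~12.el4_7.2", rls:"RHENT_4")) != NULL)
  {
    report += res;
  }

  # A single result carrying every outdated package found above.
  if (report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match is set outside this file (presumably by isrpmvuln when one of
  # the named packages is installed -- confirm in pkg-lib-rpm.inc). Only then
  # is the host declared not vulnerable; otherwise the script ends silently.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}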
{"id": "OPENVAS:870146", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Update for libtiff RHSA-2008:0848-01", "description": "Check for the Version of libtiff", "published": "2009-03-06T00:00:00", "modified": "2017-07-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870146", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2008:0848-01", "https://www.redhat.com/archives/rhsa-announce/2008-August/msg00026.html"], "cvelist": ["CVE-2008-2327", "CVE-2006-2193"], "lastseen": "2017-07-27T10:55:34", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-07-27T10:55:34", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2327", "CVE-2006-2193"]}, {"type": "centos", "idList": ["CESA-2008:0848", "CESA-2008:0863-01", "CESA-2008:0863", "CESA-2008:0847"]}, {"type": "nessus", "idList": ["UBUNTU_USN-639-1.NASL", "SL_20080828_LIBTIFF_ON_SL3_X.NASL", "SUSE9_12229.NASL", "SUSE_11_0_LIBTIFF-080820.NASL", "CENTOS_RHSA-2008-0848.NASL", "MANDRAKE_MDKSA-2006-102.NASL", "ORACLELINUX_ELSA-2008-0863.NASL", "ORACLELINUX_ELSA-2008-0848.NASL", "REDHAT-RHSA-2008-0848.NASL", "CENTOS_RHSA-2008-0863.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0863", "ELSA-2008-0848", "ELSA-2008-0847"]}, {"type": "openvas", "idList": ["OPENVAS:840355", "OPENVAS:880255", "OPENVAS:1361412562310870146", "OPENVAS:1361412562310880275", "OPENVAS:61589", "OPENVAS:1361412562310122557", "OPENVAS:136141256231065870", "OPENVAS:860370", "OPENVAS:1361412562310880159", "OPENVAS:136141256231065597"]}, {"type": "redhat", "idList": ["RHSA-2008:0863", "RHSA-2008:0847", "RHSA-2008:0848"]}, {"type": "osvdb", "idList": ["OSVDB:26031"]}, {"type": "seebug", "idList": ["SSV:3922"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1091-1:7FC74", "DEBIAN:DSA-1632-1:15151"]}, {"type": "securityvulns", "idList": 
["SECURITYVULNS:DOC:20451", "SECURITYVULNS:VULN:9262"]}, {"type": "gentoo", "idList": ["GLSA-200809-07", "GLSA-200607-03"]}, {"type": "ubuntu", "idList": ["USN-639-1", "USN-289-1"]}, {"type": "vmware", "idList": ["VMSA-2008-0017"]}], "modified": "2017-07-27T10:55:34", "rev": 2}, "vulnersScore": 6.8}, "pluginID": "870146", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtiff RHSA-2008:0848-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n Multiple uses of uninitialized values were discovered in libtiff's\n Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\n create a carefully crafted LZW-encoded TIFF file that would cause an\n application linked with libtiff to crash or, possibly, execute arbitrary\n code. 
(CVE-2008-2327)\n \n Red Hat would like to thank Drew Yao of the Apple Product Security team for\n reporting this issue.\n \n A buffer overflow flaw was discovered in the tiff2pdf conversion program\n distributed with libtiff. An attacker could create a TIFF file containing\n UTF-8 characters that would, when converted to PDF format, cause tiff2pdf\n to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)\n \n Additionally, these updated packages fix the following bug:\n \n * the libtiff packages included manual pages for the sgi2tiff and tiffsv\n commands, which are not included in these packages. These extraneous manual\n pages were removed.\n \n All libtiff users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"libtiff on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00026.html\");\n script_id(870146);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0848-01\");\n script_cve_id(\"CVE-2008-2327\", \"CVE-2006-2193\");\n script_name( \"RedHat Update for libtiff RHSA-2008:0848-01\");\n\n script_summary(\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.6.1~12.el4_7.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~3.6.1~12.el4_7.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.6.1~12.el4_7.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Red Hat Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:27:20", "description": "Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.", "edition": 6, "cvss3": {}, "published": "2006-06-08T19:06:00", "title": "CVE-2006-2193", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-2193"], "modified": "2018-10-03T21:40:00", "cpe": ["cpe:/a:libtiff:libtiff:3.6.1", "cpe:/a:libtiff:libtiff:3.8.2", "cpe:/a:libtiff:libtiff:3.5.1", "cpe:/a:libtiff:libtiff:3.5.4", "cpe:/a:libtiff:libtiff:3.4", "cpe:/a:libtiff:libtiff:3.6.0", "cpe:/a:libtiff:libtiff:3.7.1", "cpe:/a:libtiff:libtiff:3.7.0", "cpe:/a:libtiff:libtiff:3.5.3", "cpe:/a:libtiff:libtiff:3.5.7", "cpe:/a:libtiff:libtiff:3.8.1", "cpe:/a:libtiff:libtiff:3.5.6", "cpe:/a:libtiff:libtiff:3.5.2", "cpe:/a:libtiff:libtiff:3.5.5", "cpe:/a:libtiff:libtiff:3.8.0"], "id": "CVE-2006-2193", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2193", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:14", "description": "Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.", "edition": 6, "cvss3": {}, "published": "2008-08-27T20:41:00", "title": "CVE-2008-2327", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2327"], "modified": "2018-10-11T20:40:00", "cpe": ["cpe:/a:libtiff:libtiff:3.6.1", "cpe:/a:libtiff:libtiff:3.8.2", "cpe:/a:libtiff:libtiff:3.5.1", "cpe:/a:libtiff:libtiff:3.5.4", "cpe:/a:libtiff:libtiff:3.4", "cpe:/a:libtiff:libtiff:3.6.0", "cpe:/a:libtiff:libtiff:3.7.1", "cpe:/a:libtiff:libtiff:3.7.0", "cpe:/a:libtiff:libtiff:3.5.3", "cpe:/a:libtiff:libtiff:3.5.7", "cpe:/a:libtiff:libtiff:3.8.1", 
"cpe:/a:libtiff:libtiff:3.5.6", "cpe:/a:libtiff:libtiff:3.5.2", "cpe:/a:libtiff:libtiff:3.5.5", "cpe:/a:libtiff:libtiff:3.8.0"], "id": "CVE-2008-2327", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2327", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-04-09T11:38:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327", "CVE-2006-2193"], "description": "Check for the Version of libtiff", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870146", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870146", "type": "openvas", "title": "RedHat Update for libtiff RHSA-2008:0848-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtiff RHSA-2008:0848-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This 
program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n Multiple uses of uninitialized values were discovered in libtiff's\n Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\n create a carefully crafted LZW-encoded TIFF file that would cause an\n application linked with libtiff to crash or, possibly, execute arbitrary\n code. (CVE-2008-2327)\n \n Red Hat would like to thank Drew Yao of the Apple Product Security team for\n reporting this issue.\n \n A buffer overflow flaw was discovered in the tiff2pdf conversion program\n distributed with libtiff. An attacker could create a TIFF file containing\n UTF-8 characters that would, when converted to PDF format, cause tiff2pdf\n to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)\n \n Additionally, these updated packages fix the following bug:\n \n * the libtiff packages included manual pages for the sgi2tiff and tiffsv\n commands, which are not included in these packages. 
These extraneous manual\n pages were removed.\n \n All libtiff users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"libtiff on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870146\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0848-01\");\n script_cve_id(\"CVE-2008-2327\", \"CVE-2006-2193\");\n script_name( \"RedHat Update for libtiff RHSA-2008:0848-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", 
rpm:\"libtiff~3.6.1~12.el4_7.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~3.6.1~12.el4_7.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.6.1~12.el4_7.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libtiff\n libtiff-devel\n tiff\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065870", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065870", "type": "openvas", "title": "SLES10: Security update for libtiff", "sourceData": "#\n#VID slesp2-libtiff-5538\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libtiff\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libtiff\n libtiff-devel\n tiff\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65870\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2327\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for libtiff\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~5.12\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~5.12\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.8.2~5.12\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "description": "Check for the Version of libtiff", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830511", "href": "http://plugins.openvas.org/nasl.php?oid=830511", "type": "openvas", "title": "Mandriva Update for libtiff MDVSA-2008:184 (libtiff)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtiff MDVSA-2008:184 (libtiff)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as 
published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Drew Yaro of the Apple Product Security Team reported multiple uses of\n uninitialized values in libtiff's LZW compression algorithm decoder.\n An attacker could create a carefully crafted LZW-encoded TIFF file that\n would cause an application linked to libtiff to crash or potentially\n execute arbitrary code (CVE-2008-2327).\n\n The updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"libtiff on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-09/msg00002.php\");\n script_id(830511);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:184\");\n script_cve_id(\"CVE-2008-2327\");\n script_name( \"Mandriva Update for libtiff MDVSA-2008:184 (libtiff)\");\n\n 
script_summary(\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~8.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~8.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~8.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~8.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~8.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~8.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~8.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~8.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", 
rpm:\"libtiff3-devel~3.8.2~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "description": "Check for the Version of libtiff", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870048", "type": "openvas", "title": "RedHat Update for libtiff RHSA-2008:0863-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtiff RHSA-2008:0863-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n Multiple uses of uninitialized values were discovered in libtiff's\n Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\n create a carefully crafted LZW-encoded TIFF file that would cause an\n application linked with libtiff to crash or, possibly, execute arbitrary\n code. 
(CVE-2008-2327)\n \n Red Hat would like to thank Drew Yao of the Apple Product Security team for\n reporting this issue.\n \n All libtiff users are advised to upgrade to these updated packages, which\n contain backported patches to resolve this issue.\";\n\ntag_affected = \"libtiff on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00027.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870048\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0863-01\");\n script_cve_id(\"CVE-2008-2327\");\n script_name( \"RedHat Update for libtiff RHSA-2008:0863-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.5.7~31.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.5.7~31.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.5.7~31.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~3.5.7~31.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.5.7~31.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "description": "Check for the Version of libtiff", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860370", "href": "http://plugins.openvas.org/nasl.php?oid=860370", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2008-7388", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2008-7388\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under 
the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\n\ntag_affected = \"libtiff on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html\");\n script_id(860370);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:03:12 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-7388\");\n script_cve_id(\"CVE-2008-2327\");\n script_name( \"Fedora Update for libtiff FEDORA-2008-7388\");\n\n script_summary(\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~11.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "description": "Check for the Version of libtiff", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860904", "href": "http://plugins.openvas.org/nasl.php?oid=860904", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2008-7370", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2008-7370\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\n\ntag_affected = \"libtiff on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html\");\n script_id(860904);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:03:12 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-7370\");\n script_cve_id(\"CVE-2008-2327\");\n script_name( \"Fedora Update for libtiff FEDORA-2008-7370\");\n\n script_summary(\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~11.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:28:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "description": "Ubuntu Update for tiff vulnerability USN-639-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840355", "href": "http://plugins.openvas.org/nasl.php?oid=840355", "type": "openvas", "title": "Ubuntu Update for tiff vulnerability USN-639-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_639_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for tiff vulnerability USN-639-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Drew Yao discovered that the TIFF library did not correctly validate LZW\n compressed TIFF images. If a user or automated system were tricked into\n processing a malicious image, a remote attacker could execute arbitrary\n code or cause an application linked against libtiff to crash, leading\n to a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-639-1\";\ntag_affected = \"tiff vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 7.04 ,\n Ubuntu 7.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-639-1/\");\n script_id(840355);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"639-1\");\n script_cve_id(\"CVE-2008-2327\");\n script_name( \"Ubuntu Update for tiff vulnerability USN-639-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , 
value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.7.4-1ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.7.4-1ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.7.4-1ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.7.4-1ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.7.4-1ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-6ubuntu1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-6ubuntu1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-6ubuntu1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-6ubuntu1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-6ubuntu1\", 
rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-7ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-7ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-7ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-7ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-7ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-7ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-7ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-7ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2018-04-09T11:39:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "description": "Check for the Version of libtiff", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880159", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880159", "type": "openvas", "title": "CentOS Update for libtiff CESA-2008:0863 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtiff CESA-2008:0863 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n Multiple uses of uninitialized values were discovered in libtiff's\n Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\n create a carefully crafted LZW-encoded TIFF file that would cause an\n application linked with libtiff to crash or, possibly, execute arbitrary\n code. 
(CVE-2008-2327)\n \n Red Hat would like to thank Drew Yao of the Apple Product Security team for\n reporting this issue.\n \n All libtiff users are advised to upgrade to these updated packages, which\n contain backported patches to resolve this issue.\";\n\ntag_affected = \"libtiff on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-August/015221.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880159\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0863\");\n script_cve_id(\"CVE-2008-2327\");\n script_name( \"CentOS Update for libtiff CESA-2008:0863 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.5.7~31.el3\", rls:\"CentOS3\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.5.7~31.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "description": "Check for the Version of libtiff", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880159", "href": "http://plugins.openvas.org/nasl.php?oid=880159", "type": "openvas", "title": "CentOS Update for libtiff CESA-2008:0863 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtiff CESA-2008:0863 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n Multiple uses of uninitialized values were discovered in libtiff's\n Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\n create a carefully crafted LZW-encoded TIFF file that would cause an\n application linked with libtiff to crash or, possibly, execute arbitrary\n code. (CVE-2008-2327)\n \n Red Hat would like to thank Drew Yao of the Apple Product Security team for\n reporting this issue.\n \n All libtiff users are advised to upgrade to these updated packages, which\n contain backported patches to resolve this issue.\";\n\ntag_affected = \"libtiff on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-August/015221.html\");\n script_id(880159);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0863\");\n script_cve_id(\"CVE-2008-2327\");\n script_name( \"CentOS Update for libtiff CESA-2008:0863 centos3 x86_64\");\n\n script_summary(\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 
2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.5.7~31.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.5.7~31.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libtiff\n tiff\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5034140 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65597", "href": "http://plugins.openvas.org/nasl.php?oid=65597", "type": "openvas", "title": "SLES9: Security update for libtiff", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5034140.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for libtiff\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libtiff\n tiff\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5034140 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65597);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2327\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for libtiff\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.6.1~38.38\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-17T12:44:13", "description": "From Red Hat Security Advisory 2008:0848 :\n\nUpdated libtiff 
packages that fix various security issues and a bug\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting this issue.\n\nA buffer overflow flaw was discovered in the tiff2pdf conversion\nprogram distributed with libtiff. An attacker could create a TIFF file\ncontaining UTF-8 characters that would, when converted to PDF format,\ncause tiff2pdf to crash, or, possibly, execute arbitrary code.\n(CVE-2006-2193)\n\nAdditionally, these updated packages fix the following bug :\n\n* the libtiff packages included manual pages for the sgi2tiff and\ntiffsv commands, which are not included in these packages. 
These\nextraneous manual pages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : libtiff (ELSA-2008-0848)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327", "CVE-2006-2193"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libtiff", "p-cpe:/a:oracle:linux:libtiff-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2008-0848.NASL", "href": "https://www.tenable.com/plugins/nessus/67740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0848 and \n# Oracle Linux Security Advisory ELSA-2008-0848 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67740);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2193\", \"CVE-2008-2327\");\n script_bugtraq_id(18331, 30832);\n script_xref(name:\"RHSA\", value:\"2008:0848\");\n\n script_name(english:\"Oracle Linux 4 : libtiff (ELSA-2008-0848)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0848 :\n\nUpdated libtiff packages that fix various security issues and a bug\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nMultiple 
uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting this issue.\n\nA buffer overflow flaw was discovered in the tiff2pdf conversion\nprogram distributed with libtiff. An attacker could create a TIFF file\ncontaining UTF-8 characters that would, when converted to PDF format,\ncause tiff2pdf to crash, or, possibly, execute arbitrary code.\n(CVE-2006-2193)\n\nAdditionally, these updated packages fix the following bug :\n\n* the libtiff packages included manual pages for the sgi2tiff and\ntiffsv commands, which are not included in these packages. These\nextraneous manual pages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-August/000723.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"libtiff-3.6.1-12.el4_7.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libtiff-devel-3.6.1-12.el4_7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff / libtiff-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:06:16", "description": "Updated libtiff packages that fix various security issues and a bug\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting this issue.\n\nA buffer overflow flaw was discovered in the tiff2pdf conversion\nprogram distributed with libtiff. 
An attacker could create a TIFF file\ncontaining UTF-8 characters that would, when converted to PDF format,\ncause tiff2pdf to crash, or, possibly, execute arbitrary code.\n(CVE-2006-2193)\n\nAdditionally, these updated packages fix the following bug :\n\n* the libtiff packages included manual pages for the sgi2tiff and\ntiffsv commands, which are not included in these packages. These\nextraneous manual pages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 27, "published": "2008-08-30T00:00:00", "title": "RHEL 4 : libtiff (RHSA-2008:0848)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327", "CVE-2006-2193"], "modified": "2008-08-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libtiff-devel", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:libtiff", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2008-0848.NASL", "href": "https://www.tenable.com/plugins/nessus/34064", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0848. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34064);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2193\", \"CVE-2008-2327\");\n script_bugtraq_id(18331, 30832);\n script_xref(name:\"RHSA\", value:\"2008:0848\");\n\n script_name(english:\"RHEL 4 : libtiff (RHSA-2008:0848)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtiff packages that fix various security issues and a bug\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting this issue.\n\nA buffer overflow flaw was discovered in the tiff2pdf conversion\nprogram distributed with libtiff. An attacker could create a TIFF file\ncontaining UTF-8 characters that would, when converted to PDF format,\ncause tiff2pdf to crash, or, possibly, execute arbitrary code.\n(CVE-2006-2193)\n\nAdditionally, these updated packages fix the following bug :\n\n* the libtiff packages included manual pages for the sgi2tiff and\ntiffsv commands, which are not included in these packages. 
These\nextraneous manual pages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0848\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff and / or libtiff-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0848\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"libtiff-3.6.1-12.el4_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libtiff-devel-3.6.1-12.el4_7.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff / libtiff-devel\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:44:00", "description": "Multiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nSL4: A buffer overflow flaw was discovered in the tiff2pdf conversion\nprogram distributed with libtiff. An attacker could create a TIFF file\ncontaining UTF-8 characters that would, when converted to PDF format,\ncause tiff2pdf to crash, or, possibly, execute arbitrary code.\n(CVE-2006-2193)\n\nSL4 & SL5: Additionally, these updated packages fix the following\nbug :\n\n - the libtiff packages included manual pages for the\n sgi2tiff and tiffsv commands, which are not included in\n these packages. 
These extraneous manual pages were\n removed.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libtiff on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327", "CVE-2006-2193"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080828_LIBTIFF_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60471);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2193\", \"CVE-2008-2327\");\n\n script_name(english:\"Scientific Linux Security Update : libtiff on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nSL4: A buffer overflow flaw was discovered in the tiff2pdf conversion\nprogram distributed with libtiff. 
An attacker could create a TIFF file\ncontaining UTF-8 characters that would, when converted to PDF format,\ncause tiff2pdf to crash, or, possibly, execute arbitrary code.\n(CVE-2006-2193)\n\nSL4 & SL5: Additionally, these updated packages fix the following\nbug :\n\n - the libtiff packages included manual pages for the\n sgi2tiff and tiffsv commands, which are not included in\n these packages. These extraneous manual pages were\n removed.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0808&L=scientific-linux-errata&T=0&P=2181\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc281cfd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff and / or libtiff-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"libtiff-3.5.7-31.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libtiff-devel-3.5.7-31.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"libtiff-3.6.1-12.el4_7.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libtiff-devel-3.6.1-12.el4_7.2\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"libtiff-3.8.2-7.el5_2.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libtiff-devel-3.8.2-7.el5_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:25:24", "description": "Updated libtiff packages that fix various security issues and a bug\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libtiff packages contain a library of functions for 
manipulating\nTagged Image File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting this issue.\n\nA buffer overflow flaw was discovered in the tiff2pdf conversion\nprogram distributed with libtiff. An attacker could create a TIFF file\ncontaining UTF-8 characters that would, when converted to PDF format,\ncause tiff2pdf to crash, or, possibly, execute arbitrary code.\n(CVE-2006-2193)\n\nAdditionally, these updated packages fix the following bug :\n\n* the libtiff packages included manual pages for the sgi2tiff and\ntiffsv commands, which are not included in these packages. These\nextraneous manual pages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 26, "published": "2013-06-29T00:00:00", "title": "CentOS 4 : libtiff (CESA-2008:0848)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327", "CVE-2006-2193"], "modified": "2013-06-29T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:libtiff-devel", "p-cpe:/a:centos:centos:libtiff"], "id": "CENTOS_RHSA-2008-0848.NASL", "href": "https://www.tenable.com/plugins/nessus/67063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0848 and \n# CentOS Errata and Security Advisory 2008:0848 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67063);\n script_version(\"1.7\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2193\", \"CVE-2008-2327\");\n script_bugtraq_id(18331, 30832);\n script_xref(name:\"RHSA\", value:\"2008:0848\");\n\n script_name(english:\"CentOS 4 : libtiff (CESA-2008:0848)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtiff packages that fix various security issues and a bug\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting this issue.\n\nA buffer overflow flaw was discovered in the tiff2pdf conversion\nprogram distributed with libtiff. An attacker could create a TIFF file\ncontaining UTF-8 characters that would, when converted to PDF format,\ncause tiff2pdf to crash, or, possibly, execute arbitrary code.\n(CVE-2006-2193)\n\nAdditionally, these updated packages fix the following bug :\n\n* the libtiff packages included manual pages for the sgi2tiff and\ntiffsv commands, which are not included in these packages. 
These\nextraneous manual pages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015225.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b29d83a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libtiff-3.6.1-12.c4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libtiff-devel-3.6.1-12.c4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff / libtiff-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:34", "description": "A buffer overflow in the t2p_write_pdf_string function in tiff2pdf in\nlibtiff 3.8.2 and earlier allows attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a TIFF file\nwith a 
DocumentName tag that contains UTF-8 characters, which triggers\nthe overflow when a character is sign extended to an integer that\nproduces more digits than expected in a sprintf call.\n\nCorporate Server 3 and Corporate Desktop 3 are not affected by this\nvulnerability as tiff2pdf was not part of the libtiff version shipped\nin those products.\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2006-06-16T00:00:00", "title": "Mandrake Linux Security Advisory : libtiff (MDKSA-2006:102)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-2193"], "modified": "2006-06-16T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libtiff3-static-devel", "p-cpe:/a:mandriva:linux:lib64tiff3-devel", "p-cpe:/a:mandriva:linux:libtiff3-devel", "p-cpe:/a:mandriva:linux:libtiff-progs", "cpe:/o:mandriva:linux:2006", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:lib64tiff3", "p-cpe:/a:mandriva:linux:libtiff3", "p-cpe:/a:mandriva:linux:lib64tiff3-static-devel"], "id": "MANDRAKE_MDKSA-2006-102.NASL", "href": "https://www.tenable.com/plugins/nessus/21717", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:102. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21717);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2193\");\n script_bugtraq_id(18331);\n script_xref(name:\"MDKSA\", value:\"2006:102\");\n\n script_name(english:\"Mandrake Linux Security Advisory : libtiff (MDKSA-2006:102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in the t2p_write_pdf_string function in tiff2pdf in\nlibtiff 3.8.2 and earlier allows attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a TIFF file\nwith a DocumentName tag that contains UTF-8 characters, which triggers\nthe overflow when a character is sign extended to an integer that\nproduces more digits than expected in a sprintf call.\n\nCorporate Server 3 and Corporate Desktop 3 are not affected by this\nvulnerability as tiff2pdf was not part of the libtiff version shipped\nin those products.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64tiff3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64tiff3-3.6.1-11.5.102mdk\", yank:\"mdk\")) flag++;\nif 
(rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64tiff3-devel-3.6.1-11.5.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64tiff3-static-devel-3.6.1-11.5.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"libtiff-progs-3.6.1-11.5.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libtiff3-3.6.1-11.5.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libtiff3-devel-3.6.1-11.5.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libtiff3-static-devel-3.6.1-11.5.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64tiff3-3.6.1-12.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64tiff3-devel-3.6.1-12.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64tiff3-static-devel-3.6.1-12.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"libtiff-progs-3.6.1-12.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libtiff3-3.6.1-12.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libtiff3-devel-3.6.1-12.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libtiff3-static-devel-3.6.1-12.4.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:46:30", "description": "A buffer underflow (CVE-2008-2327) has been fixed in libtiff.", "edition": 21, "published": 
"2008-09-03T00:00:00", "title": "SuSE 10 Security Update : libtiff (ZYPP Patch Number 5538)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "modified": "2008-09-03T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBTIFF-5538.NASL", "href": "https://www.tenable.com/plugins/nessus/34074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34074);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2327\");\n\n script_name(english:\"SuSE 10 Security Update : libtiff (ZYPP Patch Number 5538)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"A buffer underflow (CVE-2008-2327) has been fixed in libtiff.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2327.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5538.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security 
Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"libtiff-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"libtiff-devel-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"tiff-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"libtiff-32bit-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libtiff-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libtiff-devel-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"tiff-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"libtiff-32bit-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"libtiff-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"libtiff-devel-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tiff-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"libtiff-32bit-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", 
reference:\"libtiff-devel-32bit-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libtiff-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libtiff-devel-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"tiff-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libtiff-32bit-3.8.2-5.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libtiff-devel-32bit-3.8.2-5.12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:16", "description": "A buffer underflow (CVE-2008-2327) has been fixed in libtiff.", "edition": 21, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : libtiff (YOU Patch Number 12229)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12229.NASL", "href": "https://www.tenable.com/plugins/nessus/41236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41236);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2327\");\n\n script_name(english:\"SuSE9 Security Update : libtiff (YOU Patch Number 12229)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\"A buffer underflow (CVE-2008-2327) has been fixed in libtiff.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2327.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12229.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libtiff-3.6.1-38.38\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"tiff-3.6.1-38.38\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libtiff-32bit-9-200808201417\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:44:15", "description": "Drew Yao discovered that the TIFF library did not correctly validate\nLZW compressed TIFF images. If a user or automated system were tricked\ninto processing a malicious image, a remote attacker could execute\narbitrary code or cause an application linked against libtiff to\ncrash, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-09-03T00:00:00", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : tiff vulnerability (USN-639-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "modified": "2008-09-03T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtiff4", "cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:libtiffxx0c2", "p-cpe:/a:canonical:ubuntu_linux:libtiff-opengl", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libtiff-tools", "p-cpe:/a:canonical:ubuntu_linux:libtiff4-dev", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-639-1.NASL", "href": "https://www.tenable.com/plugins/nessus/34080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-639-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34080);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-2327\");\n script_bugtraq_id(30832);\n script_xref(name:\"USN\", value:\"639-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : tiff vulnerability (USN-639-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Drew Yao discovered that the TIFF library did not correctly validate\nLZW compressed TIFF images. If a user or automated system were tricked\ninto processing a malicious image, a remote attacker could execute\narbitrary code or cause an application linked against libtiff to\ncrash, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/639-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiffxx0c2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiff-opengl\", pkgver:\"3.7.4-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiff-tools\", pkgver:\"3.7.4-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiff4\", pkgver:\"3.7.4-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiff4-dev\", pkgver:\"3.7.4-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiffxx0c2\", pkgver:\"3.7.4-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libtiff-opengl\", pkgver:\"3.8.2-6ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libtiff-tools\", pkgver:\"3.8.2-6ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libtiff4\", pkgver:\"3.8.2-6ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libtiff4-dev\", pkgver:\"3.8.2-6ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libtiffxx0c2\", pkgver:\"3.8.2-6ubuntu1\")) flag++;\nif 
(ubuntu_check(osver:\"7.10\", pkgname:\"libtiff-opengl\", pkgver:\"3.8.2-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libtiff-tools\", pkgver:\"3.8.2-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libtiff4\", pkgver:\"3.8.2-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libtiff4-dev\", pkgver:\"3.8.2-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libtiffxx0c2\", pkgver:\"3.8.2-7ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff-opengl\", pkgver:\"3.8.2-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff-tools\", pkgver:\"3.8.2-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff4\", pkgver:\"3.8.2-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff4-dev\", pkgver:\"3.8.2-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiffxx0c2\", pkgver:\"3.8.2-7ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-opengl / libtiff-tools / libtiff4 / libtiff4-dev / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:25:24", "description": "Updated libtiff packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. 
An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting this issue.\n\nAll libtiff users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve this issue.", "edition": 26, "published": "2008-08-30T00:00:00", "title": "CentOS 3 : libtiff (CESA-2008:0863)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "modified": "2008-08-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libtiff-devel", "p-cpe:/a:centos:centos:libtiff", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2008-0863.NASL", "href": "https://www.tenable.com/plugins/nessus/34062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0863 and \n# CentOS Errata and Security Advisory 2008:0863 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34062);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2327\");\n script_bugtraq_id(30832);\n script_xref(name:\"RHSA\", value:\"2008:0863\");\n\n script_name(english:\"CentOS 3 : libtiff (CESA-2008:0863)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtiff packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response 
Team.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker\ncould create a carefully crafted LZW-encoded TIFF file that would\ncause an application linked with libtiff to crash or, possibly,\nexecute arbitrary code. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting this issue.\n\nAll libtiff users are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015220.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?024068a8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015221.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6544b12\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015223.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa99c2c9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"libtiff-3.5.7-31.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"libtiff-devel-3.5.7-31.el3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff / libtiff-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:39", "description": "Fixes LZW decoding vulnerabilities described in CVE-2008-2327\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-09-10T00:00:00", "title": "Fedora 9 : libtiff-3.8.2-11.fc9 (2008-7370)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2327"], "modified": "2008-09-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-7370.NASL", "href": "https://www.tenable.com/plugins/nessus/34128", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-7370.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34128);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2327\");\n script_bugtraq_id(30832);\n script_xref(name:\"FEDORA\", value:\"2008-7370\");\n\n script_name(english:\"Fedora 9 : libtiff-3.8.2-11.fc9 (2008-7370)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes LZW decoding vulnerabilities described in CVE-2008-2327\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=458674\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/013633.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7912403e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"libtiff-3.8.2-11.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:26:11", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327", "CVE-2006-2193"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0848\n\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\ncreate a carefully crafted LZW-encoded TIFF file that would cause an\napplication linked with libtiff to crash or, possibly, execute arbitrary\ncode. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for\nreporting this issue.\n\nA buffer overflow flaw was discovered in the tiff2pdf conversion program\ndistributed with libtiff. An attacker could create a TIFF file containing\nUTF-8 characters that would, when converted to PDF format, cause tiff2pdf\nto crash, or, possibly, execute arbitrary code. 
(CVE-2006-2193)\n\nAdditionally, these updated packages fix the following bug:\n\n* the libtiff packages included manual pages for the sgi2tiff and tiffsv\ncommands, which are not included in these packages. These extraneous manual\npages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/027263.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/027267.html\n\n**Affected packages:**\nlibtiff\nlibtiff-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0848.html", "edition": 4, "modified": "2008-08-30T15:19:14", "published": "2008-08-30T14:21:20", "href": "http://lists.centos.org/pipermail/centos-announce/2008-August/027263.html", "id": "CESA-2008:0848", "title": "libtiff security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:26:42", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0863-01\n\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\ncreate a carefully crafted LZW-encoded TIFF file that would cause an\napplication linked with libtiff to crash or, possibly, execute arbitrary\ncode. 
(CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for\nreporting this issue.\n\nAll libtiff users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/027257.html\n\n**Affected packages:**\nlibtiff\nlibtiff-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 3, "modified": "2008-08-29T00:41:41", "published": "2008-08-29T00:41:41", "href": "http://lists.centos.org/pipermail/centos-announce/2008-August/027257.html", "id": "CESA-2008:0863-01", "title": "libtiff security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:36", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0847\n\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\ncreate a carefully crafted LZW-encoded TIFF file that would cause an\napplication linked with libtiff to crash or, possibly, execute arbitrary\ncode. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for\nreporting this issue.\n\nAdditionally, these updated packages fix the following bug:\n\n* the libtiff packages included manual pages for the sgi2tiff and tiffsv\ncommands, which are not included in these packages. 
These extraneous manual\npages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027324.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/027325.html\n\n**Affected packages:**\nlibtiff\nlibtiff-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0847.html", "edition": 3, "modified": "2008-10-03T18:34:01", "published": "2008-10-03T18:34:01", "href": "http://lists.centos.org/pipermail/centos-announce/2008-October/027324.html", "id": "CESA-2008:0847", "title": "libtiff security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:42", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0863\n\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\ncreate a carefully crafted LZW-encoded TIFF file that would cause an\napplication linked with libtiff to crash or, possibly, execute arbitrary\ncode. 
(CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for\nreporting this issue.\n\nAll libtiff users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/027258.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/027259.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/027261.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/027265.html\n\n**Affected packages:**\nlibtiff\nlibtiff-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0863.html", "edition": 3, "modified": "2008-08-30T14:47:04", "published": "2008-08-29T21:30:43", "href": "http://lists.centos.org/pipermail/centos-announce/2008-August/027258.html", "id": "CESA-2008:0863", "title": "libtiff security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:03", "bulletinFamily": "unix", "cvelist": ["CVE-2006-2193", "CVE-2008-2327"], "description": "The libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\ncreate a carefully crafted LZW-encoded TIFF file that would cause an\napplication linked with libtiff to crash or, possibly, execute arbitrary\ncode. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for\nreporting this issue.\n\nA buffer overflow flaw was discovered in the tiff2pdf conversion program\ndistributed with libtiff. An attacker could create a TIFF file containing\nUTF-8 characters that would, when converted to PDF format, cause tiff2pdf\nto crash, or, possibly, execute arbitrary code. 
(CVE-2006-2193)\n\nAdditionally, these updated packages fix the following bug:\n\n* the libtiff packages included manual pages for the sgi2tiff and tiffsv\ncommands, which are not included in these packages. These extraneous manual\npages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T12:19:55", "published": "2008-08-28T04:00:00", "id": "RHSA-2008:0848", "href": "https://access.redhat.com/errata/RHSA-2008:0848", "type": "redhat", "title": "(RHSA-2008:0848) Important: libtiff security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "The libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\ncreate a carefully crafted LZW-encoded TIFF file that would cause an\napplication linked with libtiff to crash or, possibly, execute arbitrary\ncode. 
(CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for\nreporting this issue.\n\nAll libtiff users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve this issue.", "modified": "2019-03-22T23:43:27", "published": "2008-08-28T04:00:00", "id": "RHSA-2008:0863", "href": "https://access.redhat.com/errata/RHSA-2008:0863", "type": "redhat", "title": "(RHSA-2008:0863) Important: libtiff security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "The libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nMultiple uses of uninitialized values were discovered in libtiff's\nLempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could\ncreate a carefully crafted LZW-encoded TIFF file that would cause an\napplication linked with libtiff to crash or, possibly, execute arbitrary\ncode. (CVE-2008-2327)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for\nreporting this issue.\n\nAdditionally, these updated packages fix the following bug:\n\n* the libtiff packages included manual pages for the sgi2tiff and tiffsv\ncommands, which are not included in these packages. 
These extraneous manual\npages were removed.\n\nAll libtiff users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T11:51:52", "published": "2008-08-28T04:00:00", "id": "RHSA-2008:0847", "href": "https://access.redhat.com/errata/RHSA-2008:0847", "type": "redhat", "title": "(RHSA-2008:0847) Important: libtiff security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:22", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327", "CVE-2006-2193"], "description": "[3.6.1-12.el4.2]\n- Get rid of html pages for un-shipped programs, too\nResolves: #459404\n[3.6.1-12.el4.1]\n- Fix LZW decoding vulnerabilities (CVE-2008-2327)\nResolves: #458814\n- Back-port fix for CVE-2006-2193\nResolves: #458814\n- Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don't ship\nResolves: #459404\n- Remove fuzz in existing patches tiff-3.6.1-color.patch, tiffsplit-overflow.patch", "edition": 4, "modified": "2008-08-28T00:00:00", "published": "2008-08-28T00:00:00", "id": "ELSA-2008-0848", "href": "http://linux.oracle.com/errata/ELSA-2008-0848.html", "title": "libtiff security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "[3.8.2-7.el5.2]\n- Use -fno-strict-aliasing per rpmdiff recommendation\n[3.8.2-7.el5.1]\n- Fix LZW decoding vulnerabilities (CVE-2008-2327)\nResolves: #458812\n- Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don't ship\nResolves: #460120", "edition": 4, "modified": "2008-08-28T00:00:00", "published": "2008-08-28T00:00:00", "id": "ELSA-2008-0847", "href": "http://linux.oracle.com/errata/ELSA-2008-0847.html", "title": "libtiff security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:03", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "[3.5.7-31.el3]\n- Fix some additional LZW decoding vulnerabilities (back-port from tiff-3.6.1)\nResolves: #458810\n- Force debug symbols to be generated by adding GCOPTS=-g; the test\n used by this old configure script is too easily confused\n[3.5.7-25.el3.5]\n- Fix LZW decoding vulnerabilities (CVE-2008-2327)\nResolves: #458810", "edition": 4, "modified": "2008-08-28T00:00:00", "published": "2008-08-28T00:00:00", "id": "ELSA-2008-0863", "href": "http://linux.oracle.com/errata/ELSA-2008-0863.html", "title": "libtiff security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "cvelist": ["CVE-2006-2193"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugzilla.remotesensing.org/show_bug.cgi?id=1196\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-289-1)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0036/)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:102)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1091)\n[Secunia Advisory ID:20501](https://secuniaresearch.flexerasoftware.com/advisories/20501/)\n[Secunia Advisory ID:20766](https://secuniaresearch.flexerasoftware.com/advisories/20766/)\n[Secunia Advisory ID:27181](https://secuniaresearch.flexerasoftware.com/advisories/27181/)\n[Secunia Advisory ID:20715](https://secuniaresearch.flexerasoftware.com/advisories/20715/)\n[Secunia Advisory ID:21002](https://secuniaresearch.flexerasoftware.com/advisories/21002/)\n[Secunia Advisory 
ID:27222](https://secuniaresearch.flexerasoftware.com/advisories/27222/)\n[Secunia Advisory ID:20488](https://secuniaresearch.flexerasoftware.com/advisories/20488/)\n[Secunia Advisory ID:20520](https://secuniaresearch.flexerasoftware.com/advisories/20520/)\n[Secunia Advisory ID:20693](https://secuniaresearch.flexerasoftware.com/advisories/20693/)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200607-03.xml\nOther Advisory URL: http://bugzilla.remotesensing.org/show_bug.cgi?id=1196\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1\nFrSIRT Advisory: ADV-2006-2197\n[CVE-2006-2193](https://vulners.com/cve/CVE-2006-2193)\n", "modified": "2006-06-04T04:34:11", "published": "2006-06-04T04:34:11", "href": "https://vulners.com/osvdb/OSVDB:26031", "id": "OSVDB:26031", "type": "osvdb", "title": "LibTIFF tiff2pdf t2p_write_pdf_string Function Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:25:54", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "Drew Yao discovered that the TIFF library did not correctly validate LZW \ncompressed TIFF images. If a user or automated system were tricked into \nprocessing a malicious image, a remote attacker could execute arbitrary \ncode or cause an application linked against libtiff to crash, leading \nto a denial of service.", "edition": 5, "modified": "2008-09-02T00:00:00", "published": "2008-09-02T00:00:00", "id": "USN-639-1", "href": "https://ubuntu.com/security/notices/USN-639-1", "title": "tiff vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-10T09:57:05", "bulletinFamily": "unix", "cvelist": ["CVE-2006-2656", "CVE-2006-2193"], "description": "A buffer overflow has been found in the tiff2pdf utility. 
By tricking \na user into processing a specially crafted TIF file with tiff2pdf, \nthis could potentially be exploited to execute arbitrary code with the \nprivileges of the user. (CVE-2006-2193)\n\nA. Alejandro Hern\u00e1ndez discovered a buffer overflow in the tiffsplit \nutility. By calling tiffsplit with specially crafted long arguments, \na user can execute arbitrary code. If tiffsplit is used in e.g. a \nweb-based frontend or similar automated system, this could lead to \nremote arbitrary code execution with the privileges of that system. (In \nnormal interactive command line usage this is not a vulnerability.) \n(CVE-2006-2656)", "edition": 70, "modified": "2006-06-08T00:00:00", "published": "2006-06-08T00:00:00", "id": "USN-289-1", "href": "https://ubuntu.com/security/notices/USN-289-1", "title": "tiff vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "cvelist": ["CVE-2008-2327"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2008:184\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : libtiff\r\n Date : September 3, 2008\r\n Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,\r\n Multi Network Firewall 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Drew Yaro of the Apple Product Security Team reported multiple uses of\r\n uninitialized values in libtiff's LZW compression algorithm decoder.\r\n An attacker could create a carefully crafted LZW-encoded TIFF file that\r\n would cause an application linked to libtiff to crash or potentially\r\n execute arbitrary code (CVE-2008-2327).\r\n \r\n The updated packages have 
been patched to prevent this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2007.1:\r\n 5453e1e862c9516bf754ff5dd0510e99 2007.1/i586/libtiff3-3.8.2-8.1mdv2007.1.i586.rpm\r\n c41cc4f89c2a576b31f55604020686b9 2007.1/i586/libtiff3-devel-3.8.2-8.1mdv2007.1.i586.rpm\r\n 3a84a5b36810fc04266b0e8db40cf95a 2007.1/i586/libtiff3-static-devel-3.8.2-8.1mdv2007.1.i586.rpm\r\n 2e184a5e809f31357e1238d4ffb0e7e7 2007.1/i586/libtiff-progs-3.8.2-8.1mdv2007.1.i586.rpm \r\n 6f0b7a336c92b3f6026882f16fea8e36 2007.1/SRPMS/libtiff-3.8.2-8.1mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2007.1/X86_64:\r\n 712950c98f929999cb7a53dad56db456 2007.1/x86_64/lib64tiff3-3.8.2-8.1mdv2007.1.x86_64.rpm\r\n 820be023570529dbcbc4682a687aa59d 2007.1/x86_64/lib64tiff3-devel-3.8.2-8.1mdv2007.1.x86_64.rpm\r\n 741e09ecc07a42f95ba97f99daf8b474 2007.1/x86_64/lib64tiff3-static-devel-3.8.2-8.1mdv2007.1.x86_64.rpm\r\n 5f44d3ec3d223be06ecdeacae2fc3c04 2007.1/x86_64/libtiff-progs-3.8.2-8.1mdv2007.1.x86_64.rpm \r\n 6f0b7a336c92b3f6026882f16fea8e36 2007.1/SRPMS/libtiff-3.8.2-8.1mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2008.0:\r\n f48e75c73b1485dd999147f6916d714b 2008.0/i586/libtiff3-3.8.2-8.1mdv2008.0.i586.rpm\r\n 1f81e09035972f2dd658b740913027f8 2008.0/i586/libtiff3-devel-3.8.2-8.1mdv2008.0.i586.rpm\r\n 38cb329a1841478e36a4c2f78c2b9d0f 2008.0/i586/libtiff3-static-devel-3.8.2-8.1mdv2008.0.i586.rpm\r\n a69b25380f8eb9dff4cae5731aa1576b 2008.0/i586/libtiff-progs-3.8.2-8.1mdv2008.0.i586.rpm \r\n 4062ab04fafcc0b310643bdbcc39e343 2008.0/SRPMS/libtiff-3.8.2-8.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n e06c6562905343841510dc6149321ea7 2008.0/x86_64/lib64tiff3-3.8.2-8.1mdv2008.0.x86_64.rpm\r\n 2645a673dd22ff97b87f315e228a6e8a 
2008.0/x86_64/lib64tiff3-devel-3.8.2-8.1mdv2008.0.x86_64.rpm\r\n 3b35439a9606085a451c85fb87762476 2008.0/x86_64/lib64tiff3-static-devel-3.8.2-8.1mdv2008.0.x86_64.rpm\r\n 712fa17a6debde8aaa02b6b63f25e99c 2008.0/x86_64/libtiff-progs-3.8.2-8.1mdv2008.0.x86_64.rpm \r\n 4062ab04fafcc0b310643bdbcc39e343 2008.0/SRPMS/libtiff-3.8.2-8.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.1:\r\n 96ab6a2cbd02a41d51d28852ba8c542a 2008.1/i586/libtiff3-3.8.2-10.1mdv2008.1.i586.rpm\r\n 586ed80dcca4c1512fa0a8f344c4b1ca 2008.1/i586/libtiff3-devel-3.8.2-10.1mdv2008.1.i586.rpm\r\n 8536b2918799e028e92946ae5a9f8bfa 2008.1/i586/libtiff3-static-devel-3.8.2-10.1mdv2008.1.i586.rpm\r\n 0e311bd531287bd6f71aede0ab233375 2008.1/i586/libtiff-progs-3.8.2-10.1mdv2008.1.i586.rpm \r\n 991200fe0e312eb8532e76a42a5f5f36 2008.1/SRPMS/libtiff-3.8.2-10.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n 67aba91807aa52b92baefac9f51e5991 2008.1/x86_64/lib64tiff3-3.8.2-10.1mdv2008.1.x86_64.rpm\r\n 60bfa4862afb7b8719fa17c7661a422f 2008.1/x86_64/lib64tiff3-devel-3.8.2-10.1mdv2008.1.x86_64.rpm\r\n 6e96394972e36c83768433e2b2ad36a7 \r\n2008.1/x86_64/lib64tiff3-static-devel-3.8.2-10.1mdv2008.1.x86_64.rpm\r\n 0a16cd2b222893004166293534b9edde 2008.1/x86_64/libtiff-progs-3.8.2-10.1mdv2008.1.x86_64.rpm \r\n 991200fe0e312eb8532e76a42a5f5f36 2008.1/SRPMS/libtiff-3.8.2-10.1mdv2008.1.src.rpm\r\n\r\n Corporate 3.0:\r\n 518e89f46b971a1bb21ae1c014247924 corporate/3.0/i586/libtiff3-3.5.7-11.14.C30mdk.i586.rpm\r\n d60decb8c0b256b22f78aadbe8eebe0c corporate/3.0/i586/libtiff3-devel-3.5.7-11.14.C30mdk.i586.rpm\r\n b3f257066e07132549b2d5027736c028 \r\ncorporate/3.0/i586/libtiff3-static-devel-3.5.7-11.14.C30mdk.i586.rpm\r\n 2907ac3739e1718f7908ce64c3fd7867 corporate/3.0/i586/libtiff-progs-3.5.7-11.14.C30mdk.i586.rpm \r\n e08892c5ded68d96e16862f8b69946ab corporate/3.0/SRPMS/libtiff-3.5.7-11.14.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n bec82cc9258d4500374b06871f420492 
corporate/3.0/x86_64/lib64tiff3-3.5.7-11.14.C30mdk.x86_64.rpm\r\n 3baa1d2a9aef965ec71ed15ba8bf1a20 corporate/3.0/x86_64/lib64tiff3-devel-3.5.7-11.14.C30mdk.x86_64.rpm\r\n 02a22843046e7a3a3208e20ff95f633a \r\ncorporate/3.0/x86_64/lib64tiff3-static-devel-3.5.7-11.14.C30mdk.x86_64.rpm\r\n 529cb32db1c9e2f21278ec3154498278 corporate/3.0/x86_64/libtiff-progs-3.5.7-11.14.C30mdk.x86_64.rpm \r\n e08892c5ded68d96e16862f8b69946ab corporate/3.0/SRPMS/libtiff-3.5.7-11.14.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n 700cb8f74636fbb25f2dd2a8d73c3841 corporate/4.0/i586/libtiff3-3.6.1-12.7.20060mlcs4.i586.rpm\r\n 305bb87c84edf3261491526a9deef8f9 corporate/4.0/i586/libtiff3-devel-3.6.1-12.7.20060mlcs4.i586.rpm\r\n 46bdebacb26f5f05ce572e7de85277e8 \r\ncorporate/4.0/i586/libtiff3-static-devel-3.6.1-12.7.20060mlcs4.i586.rpm\r\n b637cbfec742d8a2c06106cb94c36b5a corporate/4.0/i586/libtiff-progs-3.6.1-12.7.20060mlcs4.i586.rpm \r\n bb4663c662718a57113cf78d7e8c7b13 corporate/4.0/SRPMS/libtiff-3.6.1-12.7.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n e655bb4c3a7b87eb363dcfd24f139dcf corporate/4.0/x86_64/lib64tiff3-3.6.1-12.7.20060mlcs4.x86_64.rpm\r\n f9676f4f1400c9311d320a88d67d8b91 \r\ncorporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.7.20060mlcs4.x86_64.rpm\r\n 5c0dccb5f0168c4e43672d9d7982d49f \r\ncorporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.7.20060mlcs4.x86_64.rpm\r\n 87a216a31e01f158135a23095fd341a1 \r\ncorporate/4.0/x86_64/libtiff-progs-3.6.1-12.7.20060mlcs4.x86_64.rpm \r\n bb4663c662718a57113cf78d7e8c7b13 corporate/4.0/SRPMS/libtiff-3.6.1-12.7.20060mlcs4.src.rpm\r\n\r\n Multi Network Firewall 2.0:\r\n 5acf2c9864c31560ac109574e94caef0 mnf/2.0/i586/libtiff3-3.5.7-11.14.C30mdk.i586.rpm \r\n b2f1fc5125dd9e951d6d38ead8050461 mnf/2.0/SRPMS/libtiff-3.5.7-11.14.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. 
The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFIvrMbmqjQ0CJFipgRAqv6AJ9eEBD7LXdc9E8dpYGimLzumWjvUgCgxA3+\r\ngSpOlHU8sZnY2OoFJ9KzkMw=\r\n=8p0b\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2008-09-04T00:00:00", "published": "2008-09-04T00:00:00", "id": "SECURITYVULNS:DOC:20451", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20451", "title": "[ MDVSA-2008:184 ] libtiff", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-2327"], "description": "Memory corruption on LZW decoding.", "edition": 1, "modified": "2008-09-04T00:00:00", "published": "2008-09-04T00:00:00", "id": "SECURITYVULNS:VULN:9262", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9262", "title": "libtiff memory corruption", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "### Background\n\nlibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. 
 \n\n### Description\n\nDrew Yao (Apple Product Security) and Clay Wood reported multiple buffer underflows in the LZWDecode() and LZWDecodeCompat() functions in tif_lzw.c when processing TIFF files. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll libTIFF users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-3.8.2-r4\"", "edition": 1, "modified": "2008-09-08T00:00:00", "published": "2008-09-08T00:00:00", "id": "GLSA-200809-07", "href": "https://security.gentoo.org/glsa/200809-07", "type": "gentoo", "title": "libTIFF: User-assisted execution of arbitrary code", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2006-2656", "CVE-2006-2193"], "edition": 1, "description": "### Background\n\nlibTIFF provides support for reading and manipulating TIFF images. \n\n### Description\n\nA buffer overflow has been found in the t2p_write_pdf_string function in tiff2pdf, which can be triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow has been found in the handling of the parameters in tiffsplit. \n\n### Impact\n\nA remote attacker could entice a user to load a specially crafted TIFF file, resulting in the possible execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll libTIFF users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-3.8.2-r1\"", "modified": "2006-07-09T00:00:00", "published": "2006-07-09T00:00:00", "id": "GLSA-200607-03", "href": "https://security.gentoo.org/glsa/200607-03", "type": "gentoo", "title": "libTIFF: Multiple buffer overflows", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2008-09-10T06:37:24", "published": "2008-09-10T06:37:24", "id": "FEDORA:E2A74208DBF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: libtiff-3.8.2-11.fc9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. 
", "modified": "2008-09-10T06:39:57", "published": "2008-09-10T06:39:57", "id": "FEDORA:C45312D002E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: libtiff-3.8.2-11.fc8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327", "CVE-2009-2285"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2009-07-03T19:41:40", "published": "2009-07-03T19:41:40", "id": "FEDORA:3F55610F896", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: libtiff-3.8.2-13.fc9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T21:30:30", "description": "BUGTRAQ ID:30832\r\nCVE ID\uff1aCVE-2008-2327\r\nCNCVE ID\uff1aCNCVE-20082327\r\n\r\nLibTiff\u662f\u4e00\u6b3e\u8d1f\u8d23\u5bf9TIFF\u56fe\u8c61\u683c\u5f0f\u8fdb\u884c\u7f16\u7801/\u89e3\u7801\u7684\u5e94\u7528\u5e93\u3002\r\nLibTIFF 'tif_lzw.c'\u5b58\u5728\u6574\u6570\u4e0b\u6ea2\u95ee\u9898\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4ee5\u94fe\u63a5\u6b64\u5e93\u7684\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\nlibtiff/tif_lzw.c\u4ee3\u7801\u4e2d\u7684"LZWDecode()"\u548c"LZWDecodeCompat()"\u51fd\u6570\u5b58\u5728\u9519\u8bef\uff0c\u901a\u8fc7\u6784\u5efa\u7279\u6b8a\u7684TIFF\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\uff0c\u53ef\u89e6\u53d1\u7f13\u51b2\u533a\u4e0b\u6ea2\uff0c\u5bfc\u81f4\u4ee5\u94fe\u63a5\u6b64\u5e93\u7684\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nLibTIFF LibTIFF 3.8.2 \r\n+ Debian Linux 3.1 
sparc\r\n+ Debian Linux 3.1 s/390\r\n+ Debian Linux 3.1 ppc\r\n+ Debian Linux 3.1 mipsel\r\n+ Debian Linux 3.1 mips\r\n+ Debian Linux 3.1 m68k\r\n+ Debian Linux 3.1 ia-64\r\n+ Debian Linux 3.1 ia-32\r\n+ Debian Linux 3.1 hppa\r\n+ Debian Linux 3.1 arm\r\n+ Debian Linux 3.1 alpha\r\n+ Debian Linux 3.1 \r\nLibTIFF LibTIFF 3.7.2 \r\n+ Debian Linux 3.1 sparc\r\n+ Debian Linux 3.1 s/390\r\n+ Debian Linux 3.1 ppc\r\n+ Debian Linux 3.1 mipsel\r\n+ Debian Linux 3.1 mips\r\n+ Debian Linux 3.1 m68k\r\n+ Debian Linux 3.1 ia-64\r\n+ Debian Linux 3.1 ia-32\r\n+ Debian Linux 3.1 hppa\r\n+ Debian Linux 3.1 arm\r\n+ Debian Linux 3.1 alpha\r\n+ Debian Linux 3.1 \r\nDebian Linux 4.0 sparc\r\nDebian Linux 4.0 s/390\r\nDebian Linux 4.0 powerpc\r\nDebian Linux 4.0 mipsel\r\nDebian Linux 4.0 mips\r\nDebian Linux 4.0 m68k\r\nDebian Linux 4.0 ia-64\r\nDebian Linux 4.0 ia-32\r\nDebian Linux 4.0 hppa\r\nDebian Linux 4.0 arm\r\nDebian Linux 4.0 amd64\r\nDebian Linux 4.0 alpha\r\nDebian Linux 4.0\r\n \n Debian Linux\u64cd\u4f5c\u7cfb\u7edf\u53ef\u53c2\u8003\u5982\u4e0b\u5347\u7ea7\u7a0b\u5e8f\uff1a\r\nDebian Linux 4.0 amd64\r\nDebian libtiff-opengl_3.8.2-7+etch1_amd64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_amd64.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_amd64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_amd64.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_amd64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_amd64.deb\r\nDebian libtiff4_3.8.2-7+etch1_amd64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_amd64.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_amd64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_amd64.deb\r\nDebian Linux 4.0 mipsel\r\nDebian libtiff-opengl_3.8.2-7+etch1_mipsel.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_mipsel.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_mipsel.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_mipsel.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_mipsel.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_mipsel.deb\r\nDebian libtiff4_3.8.2-7+etch1_mipsel.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_mipsel.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_mipsel.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_mipsel.deb\r\nDebian Linux 4.0 ia-32\r\nDebian libtiff-opengl_3.8.2-7+etch1_i386.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_i386.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_i386.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_i386.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_i386.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_i386.deb\r\nDebian libtiff4_3.8.2-7+etch1_i386.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_i386.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_i386.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_i386.deb\r\nDebian Linux 4.0 hppa\r\nDebian libtiff-opengl_3.8.2-7+etch1_hppa.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_hppa.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_hppa.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_hppa.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_hppa.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_hppa.deb\r\nDebian libtiff4_3.8.2-7+etch1_hppa.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_hppa.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_hppa.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_hppa.deb\r\nDebian Linux 4.0 sparc\r\nDebian libtiff-opengl_3.8.2-7+etch1_sparc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_sparc.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_sparc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_sparc.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_sparc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_sparc.deb\r\nDebian libtiff4_3.8.2-7+etch1_sparc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_sparc.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_sparc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_sparc.deb\r\nDebian Linux 4.0 s/390\r\nDebian libtiff-opengl_3.8.2-7+etch1_s390.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_s390.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_s390.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_s390.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_s390.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_s390.deb\r\nDebian libtiff4_3.8.2-7+etch1_s390.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_s390.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_s390.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_s390.deb\r\nDebian Linux 4.0 powerpc\r\nDebian libtiff-opengl_3.8.2-7+etch1_powerpc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_powerpc.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_powerpc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_powerpc.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_powerpc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_powerpc.deb\r\nDebian libtiff4_3.8.2-7+etch1_powerpc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_powerpc.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_powerpc.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_powerpc.deb\r\nDebian Linux 4.0 alpha\r\nDebian libtiff-opengl_3.8.2-7+etch1_alpha.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_alpha.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_alpha.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_alpha.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_alpha.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_alpha.deb\r\nDebian libtiff4_3.8.2-7+etch1_alpha.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_alpha.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_alpha.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_alpha.deb\r\nDebian Linux 4.0 ia-64\r\nDebian libtiff-opengl_3.8.2-7+etch1_ia64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_ia64.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_ia64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_ia64.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_ia64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_ia64.deb\r\nDebian libtiff4_3.8.2-7+etch1_ia64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_ia64.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_ia64.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_ia64.deb\r\nDebian Linux 4.0 mips\r\nDebian libtiff-opengl_3.8.2-7+etch1_mips.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_mips.deb\r\nDebian libtiff-tools_3.8.2-7+etch1_mips.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8. 
target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_mips.deb\r\nDebian libtiff4-dev_3.8.2-7+etch1_mips.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_mips.deb\r\nDebian libtiff4_3.8.2-7+etch1_mips.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_mips.deb\r\nDebian libtiffxx0c2_3.8.2-7+etch1_mips.deb\r\n<a href=http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2 target=_blank>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_mips.deb", "published": "2008-08-27T00:00:00", "title": "LibTIFF 'tif_lzw.c'\u8fdc\u7a0b\u6574\u6570\u4e0b\u6ea2\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2327"], "modified": "2008-08-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3922", "id": "SSV:3922", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "debian": [{"lastseen": "2020-11-11T13:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2327"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1632-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nAugust 26, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : tiff\nVulnerability : buffer underflow\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2008-2327\n\nDrew Yao discovered that libTIFF, a library for handling the Tagged Image\nFile Format, is vulnerable to a programming error allowing malformed\ntiff files to lead to a crash or execution of 
arbitrary code.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 3.8.2-7+etch1.\n\nFor the testing distribution (lenny), this problem has been fixed in\nversion 3.8.2-10+lenny1.\n\nThe unstable distribution (sid) will be fixed soon.\n\nWe recommend that you upgrade your tiff package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2.orig.tar.gz\n Size/MD5 checksum: 1333780 e6ec4ab957ef49d5aabc38b7a376910b\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch1.dsc\n Size/MD5 checksum: 770 ae7a380959585d8a5034db1d488fe92d\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch1.diff.gz\n Size/MD5 checksum: 17476 7a2b7064067f462fe3c3e0212b7e59bf\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_alpha.deb\n Size/MD5 checksum: 521350 e9a8d515beea436f1c5714d5d55621c4\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_alpha.deb\n Size/MD5 checksum: 296784 d25a95a2ee04ddf56245ec2f05f17cfb\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_alpha.deb\n Size/MD5 checksum: 5148 7d6f398e75ef40e29b8c8ca5d8cc634e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_alpha.deb\n Size/MD5 checksum: 11284 7aae8c6f10cf564b87f6ae0bf586b533\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_alpha.deb\n Size/MD5 checksum: 206802 3b78d5d7c37c68c287c1f47758df1a37\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_amd64.deb\n Size/MD5 checksum: 503074 3546846c37da9d10d92a0bee3b9e47e5\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_amd64.deb\n Size/MD5 checksum: 10290 6362cc149e9d0303bf01d249f082e1c4\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_amd64.deb\n Size/MD5 checksum: 184662 4011f0f2cca3a6ae0753a24fe2528c00\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_amd64.deb\n Size/MD5 checksum: 248376 c7b256d38da9d497a677fac2f50359f5\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_amd64.deb\n Size/MD5 checksum: 4926 4c30200928ab374c285135243960e347\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_hppa.deb\n Size/MD5 checksum: 5996 1ea4fc581e861fc4310b506ba38f7fd1\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_hppa.deb\n Size/MD5 checksum: 10876 7952d1695b12c4f94a441e0bbc7e0841\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_hppa.deb\n Size/MD5 checksum: 515280 790d82258fb2aeac736f16dc969fb83e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_hppa.deb\n Size/MD5 checksum: 195268 7586a29e6dac1a5fb792569ecdaf1ad2\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_hppa.deb\n Size/MD5 checksum: 267664 5482149084635adb52a67f65c9ec73c7\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_i386.deb\n Size/MD5 checksum: 5004 8843b208a604bdf206959659b80f12f9\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_i386.deb\n Size/MD5 checksum: 483094 446c73c10b990c8fe254d344b74d720e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_i386.deb\n Size/MD5 checksum: 9852 8345bd93b3e97de766952efb7402d11d\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_i386.deb\n Size/MD5 checksum: 175592 bd7a1cc32a60a78b600326c141168bd1\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_i386.deb\n Size/MD5 checksum: 233456 7974f2bbc21c436cd1cbd8a18c091c7e\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_ia64.deb\n Size/MD5 checksum: 552216 fa4a4dc20e9aae562cf45d162252bcec\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_ia64.deb\n Size/MD5 checksum: 250698 7a15422b465b3e5a18e4a067095f06d0\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_ia64.deb\n Size/MD5 checksum: 13168 d7f8222f2b5045171fb06b9d672527b6\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_ia64.deb\n Size/MD5 checksum: 6716 ed072e26f3798dd178c33d6b6ad4983b\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_ia64.deb\n Size/MD5 checksum: 326164 27b4d01afafe60fded61f4c379d4efa9\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_mips.deb\n Size/MD5 checksum: 187416 18ba62f6a4edc236cffdff42b9b0cc63\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_mips.deb\n Size/MD5 checksum: 10658 5dab9237ca90f9799665626566380630\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_mips.deb\n Size/MD5 checksum: 500242 a178091c78f3961d62b6ff5ef00de2cd\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_mips.deb\n Size/MD5 checksum: 265370 
e941ddaa662094b74d2f69b9c782b702\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_mips.deb\n Size/MD5 checksum: 5150 c94c2621a78b8cc5879a7f1bf2e6eb5c\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_mipsel.deb\n Size/MD5 checksum: 5136 7819c5b07599b8181eb8fff0691eb0d5\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_mipsel.deb\n Size/MD5 checksum: 188706 1715b19d851ced32bb631e4eb757f7c0\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_mipsel.deb\n Size/MD5 checksum: 10642 a811021ca1277f6b11561e98b11b205f\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_mipsel.deb\n Size/MD5 checksum: 485238 e63ac232935f95b5cb7855f82d5af997\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_mipsel.deb\n Size/MD5 checksum: 264550 3d180d616ec03bbfa1ca2f39dd56015f\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_powerpc.deb\n Size/MD5 checksum: 254574 2bd571a468e7c681210903adee826373\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_powerpc.deb\n Size/MD5 checksum: 491216 d8ce2c65e8f70e074d0b1e8cac400d9c\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_powerpc.deb\n Size/MD5 checksum: 11814 52071581845d3cd43b36ee5bf94dabe2\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_powerpc.deb\n Size/MD5 checksum: 6698 3ce576847f1aeee554fda52f52bb9594\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_powerpc.deb\n Size/MD5 checksum: 203230 5922ac34b5f5d07c94908cbfb6a57113\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_s390.deb\n Size/MD5 checksum: 10722 4c80a47c46ce6f699f0e9ee0ce72045e\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_s390.deb\n Size/MD5 checksum: 497566 a892a93efd34ba59116e99f282c0f4a3\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_s390.deb\n Size/MD5 checksum: 5228 00cec143b258139345450da7c02afb7b\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_s390.deb\n Size/MD5 checksum: 248718 3296c0c882a523bf167c2f66002bea29\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_s390.deb\n Size/MD5 checksum: 182484 4786b0495cd7a749d89f1232dad42247\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_sparc.deb\n Size/MD5 checksum: 236460 49927df44f21d7c705a103c7179627e8\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_sparc.deb\n Size/MD5 checksum: 480938 3b2e36a5cbed1413decdd67e69e18b54\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_sparc.deb\n Size/MD5 checksum: 4698 3cf416179f49186c54585f469356b625\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_sparc.deb\n Size/MD5 checksum: 172524 3ec7e582b1bdcdd53dafa46af50b9ce6\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_sparc.deb\n Size/MD5 checksum: 10236 a76e27d0c4a80ce0e7d585491ceec44e\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2008-08-26T16:22:31", "published": "2008-08-26T16:22:31", "id": "DEBIAN:DSA-1632-1:15151", "href": 
"https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00218.html", "title": "[SECURITY] [DSA 1632-1] New tiff packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:25:32", "bulletinFamily": "unix", "cvelist": ["CVE-2006-2656", "CVE-2006-2193"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1091-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJune 8th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : tiff\nVulnerability : buffer overflows\nProblem type : none or remote\nDebian-specific: no\nCVE ID : CVE-2006-2656 CVE-2006-2193\nDebian Bug : 369819\n\nSeveral problems have been discovered in the TIFF library. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2006-2193\n\n SuSE discovered a buffer overflow in the conversion of TIFF files\n into PDF documents which could be exploited when tiff2pdf is used\n e.g. 
in a printer filter.\n\nCVE-2006-2656\n\n The tiffsplit command from the TIFF library contains a buffer\n overflow in the commandline handling which could be exploited when\n the program is executed automatically on unknown filenames.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.5.5-7woody2.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.7.2-5.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.8.2-4.\n\nWe recommend that you upgrade your tiff packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody2.dsc\n Size/MD5 checksum: 635 63c05c844a00a57f87f1804dc668ccbf\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody2.diff.gz\n Size/MD5 checksum: 38682 5905ba8ea39b409b4aa2893b697f35bc\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz\n Size/MD5 checksum: 693641 3b7199ba793dec6ca88f38bb0c8cc4d8\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_alpha.deb\n Size/MD5 checksum: 141478 2e995b46f312ecf35858f06e50c2ae2e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_alpha.deb\n Size/MD5 checksum: 106182 c383b1a1f292525e60efa68750bda5ae\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_alpha.deb\n Size/MD5 checksum: 423868 
da0015dd297de4f4128488fca92c3a88\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_arm.deb\n Size/MD5 checksum: 117012 fe039271e5e9a94f56a2ca4c8a38a373\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_arm.deb\n Size/MD5 checksum: 91610 d52006c179bfc3a13a779dfab1afa8fd\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_arm.deb\n Size/MD5 checksum: 404850 69dd0252a4e15f0bc84ddb0d53ce5c96\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_i386.deb\n Size/MD5 checksum: 112058 cc978252d32d2e853ed08a655940b15b\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_i386.deb\n Size/MD5 checksum: 82070 22733411e25f7fac444f148dcfb685a7\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_i386.deb\n Size/MD5 checksum: 387442 dc8f36b0bfed0cc69d53c14f6b6e2fd4\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_ia64.deb\n Size/MD5 checksum: 158834 dda97df687d64fef045e7dd425a9b01e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_ia64.deb\n Size/MD5 checksum: 136678 e43c8ca8bcbdb54d09cee79f7c2f5665\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_ia64.deb\n Size/MD5 checksum: 447048 100db6566cc42766d93fd67913834096\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_hppa.deb\n Size/MD5 checksum: 128284 43c94055d54efb3d3d0708f527617ca8\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_hppa.deb\n Size/MD5 checksum: 107708 089f41dfe3629250ddc02cbe1c76c649\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_hppa.deb\n Size/MD5 checksum: 420730 018d785c7890016dfab3cba41e949dc5\n\n Motorola 680x0 architecture:\n\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_m68k.deb\n Size/MD5 checksum: 107282 1719b7463ef81d07075c39453f793080\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_m68k.deb\n Size/MD5 checksum: 80748 2020a4999f141c2b5ba47090c551de36\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_m68k.deb\n Size/MD5 checksum: 380718 d75aa876cef53d488178caae1dc160f2\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_mips.deb\n Size/MD5 checksum: 124022 7deeb5d1d0b5eb2c536143949e507fb0\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_mips.deb\n Size/MD5 checksum: 88820 ef4eed05b2bb2f853c74997141bab9e6\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_mips.deb\n Size/MD5 checksum: 411210 d9a0dd8ae266524ff80efcd88e74365a\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_mipsel.deb\n Size/MD5 checksum: 123536 88738fa15be0cb199c006503a12e13df\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_mipsel.deb\n Size/MD5 checksum: 89122 beaf555e5d72f290852777b750a676cc\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_mipsel.deb\n Size/MD5 checksum: 411326 61a6b79d2fd527d1c3fcd41eac1bd408\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_powerpc.deb\n Size/MD5 checksum: 116102 5bb725af64e1f4c2d4a9bc90ab2cc8e0\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_powerpc.deb\n Size/MD5 checksum: 90618 2e4cfb7cd4e2dee6418fa7f88f01c68f\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_powerpc.deb\n Size/MD5 checksum: 403142 39f179238a6d70f1a755c7a7751c6b1d\n\n IBM S/390 architecture:\n\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_s390.deb\n Size/MD5 checksum: 116912 a4c1ef170588a8be47985338e6f99074\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_s390.deb\n Size/MD5 checksum: 92814 c33810f1cae1535ceb0d2f06a2cc4875\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_s390.deb\n Size/MD5 checksum: 395670 0925a01ed6e686c24aecba121ee12a7f\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_sparc.deb\n Size/MD5 checksum: 132896 653921fed0879588e859ec05555d25ad\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_sparc.deb\n Size/MD5 checksum: 89798 7097a2950a1a40f46c91cccd97e9fef3\n http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_sparc.deb\n Size/MD5 checksum: 397444 82752cc23951fc4e26838a704fd18561\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-5.dsc\n Size/MD5 checksum: 736 a818c1d8f13bba145e33b79f5b476707\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-5.diff.gz\n Size/MD5 checksum: 11836 91da082b84456d159fcea664b99012d2\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz\n Size/MD5 checksum: 1252995 221679f6d5c15670b3c242cbfff79a00\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_alpha.deb\n Size/MD5 checksum: 46922 0c35a8df000764e528ae384ac325b8ad\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_alpha.deb\n Size/MD5 checksum: 243676 b8745078cb5af1773f1b28e97a787343\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_alpha.deb\n Size/MD5 checksum: 478368 6aa0652b69c62bfc7e51c6781d06fa19\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_alpha.deb\n Size/MD5 
checksum: 309918 adb7022423ccd165188e8071e19cc442\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_alpha.deb\n Size/MD5 checksum: 41048 72d163b97923c66a8b632e1907bc0865\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_amd64.deb\n Size/MD5 checksum: 45848 f79893646f9c74fdef624f949fea88ad\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_amd64.deb\n Size/MD5 checksum: 217914 b4abe50b4c24e899cbb961612ff3bdb2\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_amd64.deb\n Size/MD5 checksum: 459378 d01fdb8c0c066e5e4503b006b696658d\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_amd64.deb\n Size/MD5 checksum: 266960 a13564cc4b1ab7cfe8e956a556c8ee25\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_amd64.deb\n Size/MD5 checksum: 40618 9114caa1d68c7197f9fa24c1747cd99d\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_arm.deb\n Size/MD5 checksum: 45362 fce43634a68f4a8867764f9b8649f07a\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_arm.deb\n Size/MD5 checksum: 208490 64553848b27faef1fc6072623904db18\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_arm.deb\n Size/MD5 checksum: 453542 16cde56a8e4d74ff39fec6f1cc664171\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_arm.deb\n Size/MD5 checksum: 265224 c1e43bfa93d33ea20c970485c2559ec1\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_arm.deb\n Size/MD5 checksum: 40112 835f54888f47687d80bd283956b6a433\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_i386.deb\n Size/MD5 checksum: 45226 fb6a72018e538b9c01be4f1d7b83f5ee\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_i386.deb\n Size/MD5 checksum: 206256 
bc2113c8fa422bfa43770aff225ef6a2\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_i386.deb\n Size/MD5 checksum: 452596 ecd7de1fd8b95c90a20e8418781c129b\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_i386.deb\n Size/MD5 checksum: 251726 5d7ab853c833dbf09fecb7da82a90f1d\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_i386.deb\n Size/MD5 checksum: 40666 94f82a8a5aa26e51e6cb5d8dd2b2d6d7\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_ia64.deb\n Size/MD5 checksum: 48314 eced941bad1e44163b1732e7d140e47f\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_ia64.deb\n Size/MD5 checksum: 268978 791e5bdfdc7ffc390156b80715c76511\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_ia64.deb\n Size/MD5 checksum: 511152 6c74c5b71ae314d7332e5c717edb4a0b\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_ia64.deb\n Size/MD5 checksum: 330884 e73f9cd34760e6e90705a22a082e701b\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_ia64.deb\n Size/MD5 checksum: 42252 6b66dd7679be12ffe5927e6fb4fea6df\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_hppa.deb\n Size/MD5 checksum: 46654 d8f619cfa26dde8579513f6d0b81a0f1\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_hppa.deb\n Size/MD5 checksum: 230166 1321bf6e1d105ddd339b7e5557aa5719\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_hppa.deb\n Size/MD5 checksum: 473080 ab55bbf0033b1b650ee927d21ce9c738\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_hppa.deb\n Size/MD5 checksum: 281620 93cf9c2dfa23e2c20e8795dd62dfc1ff\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_hppa.deb\n Size/MD5 checksum: 41294 6ff9f727d5da771f334f75d58e118bfe\n\n Motorola 680x0 
architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_m68k.deb\n Size/MD5 checksum: 45238 4020963162aeba32e183855003f5282c\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_m68k.deb\n Size/MD5 checksum: 193466 dd132dae95518b681b29f18dc72b5126\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_m68k.deb\n Size/MD5 checksum: 442750 64ec9d1c9e3cc0bcf916b685437af60d\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_m68k.deb\n Size/MD5 checksum: 234514 7a50d86d056760ff37bbd585b136df14\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_m68k.deb\n Size/MD5 checksum: 40270 491986255b51eaccb5ddcece25ecc732\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_mips.deb\n Size/MD5 checksum: 46118 2a6f6b1f5e1557c3ef4297ee0eabc985\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_mips.deb\n Size/MD5 checksum: 252258 a21f9c0fc9c53b13b14efd641a3cb8ae\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_mips.deb\n Size/MD5 checksum: 458604 30db35156ea16a19a75edfb35ad2a14d\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_mips.deb\n Size/MD5 checksum: 280506 53f30322a6fc900b4f0ebc5f3d492676\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_mips.deb\n Size/MD5 checksum: 40894 170ea7645a3c5543cc5caae43ad5c0a6\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_mipsel.deb\n Size/MD5 checksum: 46080 43c5a8ea470cb03a0d2ef8b9933c7857\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_mipsel.deb\n Size/MD5 checksum: 252690 857f1625966dbc12f508700a471ac831\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_mipsel.deb\n Size/MD5 checksum: 458972 6f4c7d7ffe16f8c99ab81924da944985\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_mipsel.deb\n Size/MD5 checksum: 280370 cd2a531fa482b3e48c539e2dd3561494\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_mipsel.deb\n Size/MD5 checksum: 40880 a81fef82f1d0a9d7d1001e7a325fee30\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_powerpc.deb\n Size/MD5 checksum: 47288 24f1d1ac568afd55118a1fc57f903394\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_powerpc.deb\n Size/MD5 checksum: 235464 69addcbeaeeba30abe98dcb1efc1a285\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_powerpc.deb\n Size/MD5 checksum: 460614 651e56b2fd88160d3a43b92aba8875eb\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_powerpc.deb\n Size/MD5 checksum: 272120 17b13db9ffe5f47941db64522210a26e\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_powerpc.deb\n Size/MD5 checksum: 42466 eaa2cce3db4913037c21d73e59cfed63\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_s390.deb\n Size/MD5 checksum: 46240 826c2293b0729b990ee4e78f5d44d5c4\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_s390.deb\n Size/MD5 checksum: 213880 b4caf3c3eec6f7261af4eaff0f764bbf\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_s390.deb\n Size/MD5 checksum: 466012 2371e8d875c366fe532d447f9e4d185a\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_s390.deb\n Size/MD5 checksum: 266758 7b6b6981382dccaede04ffef2f5cfea1\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_s390.deb\n Size/MD5 checksum: 40886 9e4f621bc83ac85dcf2a56fa7aa59e88\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_sparc.deb\n Size/MD5 checksum: 45530 a6cc6e6db7136497800635f5cd991381\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_sparc.deb\n Size/MD5 checksum: 205358 8f72175e2f33bc5ab15ea5e9b5c77b91\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_sparc.deb\n Size/MD5 checksum: 454782 229cc03ccc4397b839a9545cbe6e6500\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_sparc.deb\n Size/MD5 checksum: 257914 f99730a57980cf56a28dc1ce2a74e016\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_sparc.deb\n Size/MD5 checksum: 40616 8d38793d5c79a5498f7c5e0e2f9c37fe\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2006-06-08T00:00:00", "published": "2006-06-08T00:00:00", "id": "DEBIAN:DSA-1091-1:7FC74", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00177.html", "title": "[SECURITY] [DSA 1091-1] New TIFF packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2019-11-06T16:05:51", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3529", "CVE-2008-0960", "CVE-2008-2327", "CVE-2008-3281"], "description": "a. Updated ESX Service Console package libxml2 \n \nA denial of service flaw was found in the way libxml2 processes \ncertain content. If an application that is linked against \nlibxml2 processes malformed XML content, the XML content might \ncause the application to stop responding. 
\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CVE-2008-3281 to this issue. \nAdditionally, the following was also fixed but was missing from the \nsecurity advisory. \nA heap-based buffer overflow flaw was found in the way libxml2 \nhandled long XML entity names. If an application linked against \nlibxml2 processed untrusted malformed XML content, it could cause \nthe application to crash or, possibly, execute arbitrary code. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CVE-2008-3529 to this issue. \nThe following table lists what action remediates the vulnerability \n(column 4) if a solution is available. \n\n", "edition": 4, "modified": "2008-12-02T00:00:00", "published": "2008-10-31T00:00:00", "id": "VMSA-2008-0017", "href": "https://www.vmware.com/security/advisories/VMSA-2008-0017.html", "title": "Updated ESX packages for libxml2, ucd-snmp, libtiff", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}