| 54426 |
nessus-scan-192-168-10-10#20170210#1.csv |
28888 |
96929 |
CVE-2015-8870 |
7.5 |
High |
192.168.10.10 |
tcp |
0 |
CentOS 6 / 7 : libtiff (CESA-2017:0225) |
The remote CentOS host is missing one or more security updates. |
An update for libtiff is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker
could exploit these flaws to cause a crash or memory corruption and,
possibly, execute arbitrary code by tricking an application linked
against libtiff into processing specially crafted files.
(CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)
* Multiple flaws have been discovered in various libtiff tools
(tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into
processing a specially crafted file, a remote attacker could exploit
these flaws to cause a crash or memory corruption and, possibly,
execute arbitrary code with the privileges of the user running the
libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540,
CVE-2016-9537, CVE-2016-9536) |
Update the affected libtiff packages. |
http://www.nessus.org/u?83cc297b
http://www.nessus.org/u?3d2e1948 |
Remote package installed : libtiff-3.9.4-10.el6_5 Should be : libtiff-3.9.4-21.el6_8 |
|
