Debian Security Advisory DSA 1054-1 (tiff)

The remote host is missing an update to tiff announced via advisory DSA 1054-1. Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-2024 Multiple vulnerabilities allow attackers to cause a denial of service. CVE-2006-2025 An integer overflows allows attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-2026 A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code. For the old stable distribution (woody) these problems have been fixed in version 3.5.5-7woody1.

For the stable distribution (sarge) these problems have been fixed in version 3.7.2-3sarge1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your libtiff packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201054-1