Debian Security Advisory DSA 1632-1 (tiff) Network Vulnerability

Summary

The remote host is missing an update to tiff announced via advisory DSA 1632-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201632-1

Insight

Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 3.8.2-7+etch1. For the testing distribution (lenny), this problem has been fixed in version 3.8.2-10+lenny1. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your tiff package.

Severity

Classification

CVE CVE-2008-2327
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 114-1 (gnujsp)
Debian Security Advisory DSA 1105-1 (xine-lib)
Debian Security Advisory DSA 1121-1 (postgrey)
Debian Security Advisory DSA 052-1 (sendfile)
Debian Security Advisory DSA 103-1 (glibc)

Take action and discover your vulnerabilities