Debian Security Advisory DSA 1632-1 (tiff) Network Vulnerability

Summary

The remote host is missing an update to tiff announced via advisory DSA 1632-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201632-1

Insight

Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 3.8.2-7+etch1. For the testing distribution (lenny), this problem has been fixed in version 3.8.2-10+lenny1. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your tiff package.

Severity

Classification

CVE CVE-2008-2327

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1079-1 (mysql-dfsg)
Debian Security Advisory DSA 068-1 (openldap)
Debian Security Advisory DSA 035-1 (man2html)
Debian Security Advisory DSA 1054-1 (tiff)
Debian Security Advisory DSA 1094-1 (gforge)

Take action and discover your vulnerabilities