--------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2005-002
http://www.skolelinux.org/security/
Finn-Arne Johansen
January 6th, 2005
debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------

Package              : tiff (libtiff3g)
Vulnerability        : unsanitised input
Problem-Type         : remote
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CAN-2004-1183
DSA ID               : DSA-626-1

Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image File
Format library for processing TIFF graphics files. Upon reading a TIFF file
it is possible to crash the application, and possibly also to execute
arbitrary code.

We recommend that you upgrade your libtiff3g packages.

Upgrade Instructions
--------------------

Make sure the line

  deb http://security.debian.org/ stable/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to update
your package lists. If you only want to upgrade libtiff3g, you may run
'apt-get install libtiff3g' to upgrade your package.

--------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
              linuxiskolen@skolelinux.no, user@skolelinux.de,
              admin-discuss@skolelinux.org
Package info: `apt-cache show '
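
The sources.list check from the upgrade instructions above, as an added example that is not part of the original advisory: a plain text search also matches a commented-out entry, so this helper only accepts an active line. The function name and the sample file are constructed for illustration, and requiring the `main` component is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory). Returns 0 only if the given
# sources.list-style file has an ACTIVE security.debian.org entry for
# stable/updates. Commented-out entries do not count.
security_source_present() {
    # $1: path to the file to inspect (normally /etc/apt/sources.list)
    awk '
        { sub(/#.*/, "") }    # strip comments; awk re-splits the fields
        $1 == "deb" &&
        $2 ~ /^http:\/\/security\.debian\.org\/?$/ &&
        $3 == "stable/updates" {
            # Assumption: the fixed package is served from "main".
            for (i = 4; i <= NF; i++) if ($i == "main") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample: the security entry exists but is commented out,
# so 'apt-get update' would never see the fixed libtiff3g.
sample=$(mktemp)
printf '%s\n' \
    'deb http://ftp.debian.org/debian stable main' \
    '#deb http://security.debian.org/ stable/updates main contrib non-free' \
    > "$sample"

if security_source_present "$sample"; then
    echo "security source active: run apt-get update, then apt-get install libtiff3g"
else
    echo "security source missing or commented out: fix sources.list first"
fi
rm -f "$sample"
```

Point the function at /etc/apt/sources.list on the host being checked before running the upgrade commands.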