Mandrake Linux Security Advisory : libtiff (MDKSA-2006:095)
High Nessus Plugin ID 21661
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename.
NOTE: tiffsplit is not setuid, and there may not be a common scenario under which tiffsplit is called with attacker-controlled command line arguments.
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.