ELA-16-1 tiff security update

DoS vulnerability

Packagetiff
Version4.0.2-6+deb7u22
Related CVE CVE-2018-10963

The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.

For Debian 7 Wheezy, these problems have been fixed in version 4.0.2-6+deb7u22.

We recommend that you upgrade your tiff packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/