Chris Evans reported to vendor-sec multiple buffer overflows in libtiff. These issues could potentially lead to arbitrary code execution from a malicious tiff image. This issue also affects RHEL2.1 This issue has been embargoed until Oct 13.
fixed in 3.5.7-16.1
removing embargo
Did you happen to add LZW support while you were at it (bug 128212)?