Chris Evans reported to vendor-sec multiple buffer overflows in
libtiff. These issues could potentially lead to arbitrary code
execution from a malicious tiff image.
This issue also affects RHEL2.1
This issue has been embargoed until Oct 13.
fixed in 3.5.7-16.1
Did you happen to add LZW support while you were at it (bug 128212)?