Conectiva fixes image loading flaws in gdk-pixbuf library
Conectiva has fixed image loading vulnerabilities in the gdk-pixbuf library shipped with Conectiva Linux 9 and 10 that could allow a specially crafted .bmp image to "hang applications in an infinite loop." According to the Conectiva advisory, researcher Chris Evans also found a heap-based overflow and a stack-based overflow in gdk-pixbuf's .xpm loader and an integer overflow in its .ico loader. All gdk-pixbuf and gtk+2 users are advised to upgrade their packages. Conectiva noted that every application linked against gdk-pixbuf or gtk+2 must be restarted after the upgrade: a running process keeps the old, vulnerable copy of the shared library mapped until it is restarted, so the package upgrade alone does not protect it.
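One way to act on that restart note, as an added example that is not from the Conectiva advisory or from the gdk-pixbuf project: a POSIX shell script that reads /proc/<pid>/maps and reports processes still mapping a gdk-pixbuf or gtk library whose file on disk has since been replaced (the kernel marks such mappings "(deleted)"). The library filenames matched and the sample maps listing are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not Conectiva's or gdk-pixbuf's own code: find processes that
# still map a replaced ("(deleted)") copy of libgdk_pixbuf or libgtk, i.e. the
# processes that must be restarted to pick up the fixed library.

# stale_libs_in_maps reads one /proc/<pid>/maps listing on stdin and prints
# each distinct stale gdk-pixbuf/gtk library path it finds. A maps line whose
# backing file was unlinked or replaced ends in the literal token "(deleted)";
# the field before it is the path. Library name patterns are assumptions.
stale_libs_in_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(gdk_pixbuf|gtk)[^\/]*\.so/ { print $(NF-1) }' | sort -u
}

# Constructed sample maps content (not captured from a real system): one stale
# gdk-pixbuf mapping, one current libgtk mapping, one unrelated deleted file.
SAMPLE_MAPS='08048000-0804c000 r-xp 00000000 03:01 12345      /usr/bin/example
b7e00000-b7e50000 r-xp 00000000 03:01 67890      /usr/lib/libgdk_pixbuf-2.0.so.0.400.0 (deleted)
b7e50000-b7f90000 r-xp 00000000 03:01 67891      /usr/lib/libgtk-x11-2.0.so.0.400.0
b7f90000-b7f91000 rw-p 00000000 03:01 99999      /tmp/scratch (deleted)'

# count_stale_from_sample returns how many stale gdk/gtk libraries appear in
# the constructed sample (expected: 1, the libgdk_pixbuf mapping).
count_stale_from_sample() {
    printf '%s\n' "$SAMPLE_MAPS" | stale_libs_in_maps | wc -l | tr -d ' '
}

# scan_running_processes walks /proc and reports every live process that still
# maps a stale gdk-pixbuf/gtk library. Run as root to see all processes;
# unreadable maps files are skipped.
scan_running_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        libs=$(stale_libs_in_maps < "$maps" 2>/dev/null) || continue
        [ -n "$libs" ] || continue
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
        printf 'PID %s (%s) still maps:\n%s\n' "$pid" "$cmd" "$libs"
    done
}

# Usage: sh stale_gdk.sh --scan   -> inspect live processes after the upgrade
#        sh stale_gdk.sh          -> demonstrate on the constructed sample
case "${1:-}" in
    --scan) scan_running_processes ;;
    *)      printf '%s\n' "$SAMPLE_MAPS" | stale_libs_in_maps ;;
esac
```

The check is deliberately broader than the advisory's package list: any process that keeps an old copy of a replaced shared object mapped is still running the unpatched code, so the same scan, with a different filename pattern, applies to any library upgrade.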

Gentoo reports phpMyAdmin vulnerability
Gentoo Linux recommends that users upgrade to the latest version of phpMyAdmin to close a security hole in the Web-based MySQL administration tool's MIME-based transformation system. An attacker could use the vulnerability to execute arbitrary commands remotely if PHP's "safe mode" is disabled. "A defect was found in phpMyAdmin's MIME-based transformation system when used with external transformations," Gentoo's advisory said. "A remote attacker could exploit this vulnerability to execute arbitrary commands on the server with the rights of the HTTP server user." Enabling PHP safe mode ("safe_mode = On" in php.ini) may serve as a temporary workaround, since it restricts the external commands PHP can run, but it does not fix the defect itself, and all users are advised to upgrade to the latest version.

The link for this article located at SearchSecurity.com is no longer available.