Bug 60850 - app-crypt/heimdal ftpd Signal Handling Vulnerabilities
Summary: app-crypt/heimdal ftpd Signal Handling Vulnerabilities
Status: RESOLVED DUPLICATE of bug 61412
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/12320/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-18 23:36 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2011-10-30 22:37 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-18 23:36:15 UTC
Description:
Przemyslaw Frasunek has reported some vulnerabilities in Heimdal ftpd, which potentially can be exploited by malicious users to gain escalated privileges or compromise a vulnerable system.
 
 The vulnerabilities are caused due to various race condition errors within the out-of-band signal handling code.
 
 Successful exploitation may allow execution of FTP commands or arbitrary code with the privileges of the ftpd process.
 
 This has been reported in version 0.6.2. Other versions may also be affected.

Solution:
Use another FTP service.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-18 23:47:17 UTC
Mandrake released the following:

 Problem Description:

 Chris Evans discovered a heap-based overflow in the QT library when 
  handling 8-bit RLE encoded BMP files. This vulnerability could allow 
  for the compromise of the account used to view or browse malicious 
  BMP files. On subsequent investigation, it was also found that the 
  handlers for XPM, GIF, and JPEG image types were also faulty. 
   
  These problems affect all applications that use QT to handle image 
  files, such as QT-based image viewers, the Konqueror web browser, 
  and others. 
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-18 23:54:14 UTC
kde, please confirm whether 3.3.3 solves this problem?

I'm not sure that the lines below from the Changelog fix this problem:

- QImage
	Included fix for buffer overflow in libPNG.
	Fixed bug that made copy constructor not copy the entire image.
	Allow XPM images with colors that have more than one word in the
	name.
	Fixed crash when trying to load a corrupt/invalid BMP image.
	Fixed crash when trying to load a corrupt/invalid GIF image.
	Fixed crash when trying to load a JPEG image that is too big.
	Fixed bug that caused dotsPerMeter() to be ignored when saving
        JPEG images.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-18 23:56:51 UTC
Bummer! Disregard comments. New bug coming up.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-23 11:41:36 UTC
Continuing as bug #61412 to avoid any confusion.

*** This bug has been marked as a duplicate of 61412 ***