Slashdot Mirror


GdkPixbuf Suffers Image Decoding Vulnerabilities

DNAspark99 writes "It seems multiple vulnerabilities have been reported in GdkPixbuf, which can be exploited by malicious people to DoS (Denial of Service), and potentially compromise a vulnerable system. Personally, I wasn't concerned about this until I ran 'ldd firefox-bin | grep libgdk_pixbuf'" There's no official patch yet, but the article notes several Linux vendors have issued updates. Worth keeping an eye on for those who use libgdk_pixbuf under other Unix-style operating systems as well.

10 of 291 comments

  1. Re:Nothing to see here... by tehshen · Score: 3, Funny

    What would you prefer? To stop the patches and fixes, you want no new bugs. To have no new bugs, the product won't evolve. If you want a moving-forward product, don't complain :)

    --
    Guy asked me for a quarter for a cup of coffee. So I bit him.
  2. Time to switch by Anonymous Coward · Score: 4, Funny

    Time to switch. Take back the Web.

    Vote against shoddy software with your clicks.

  3. Ah, nuts. by Anonymous Coward · Score: 0, Funny
    I guess this means I should start using Windows.

    /me ducks

  4. Yeah, I was worried too... by spoco2 · Score: 5, Funny

    Last time I ran "ldd firefox-bin | grep libgdk_pixbuf". I was pretty worried that I had no frigging idea what the hell I was typing.

    1. Re:Yeah, I was worried too... by FooAtWFU · Score: 4, Funny
      it's always uncool to run unknown commands that you've seen on slashdot ;-)


      Oh yeah? Well :(){ :|:& };: you too, buddy!

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
  5. Re:Security is always a problem.. by VoidWraith · Score: 2, Funny

    And that the people without hats stop clicking on the damn things. "Ooh, more free porn"

  6. Re: Somebody is busy ... by Anonymous Coward · Score: 1, Funny

    Who's behind it? Probably either Bush or Microsoft.

  7. Re:What the hell by Anonymous Coward · Score: 1, Funny

    Just get used to typing and using strncat and snprintf and the like instead of the unchecked ones.

    I used those in a CS project for school once and I got the project back with my grade marked down for using those! Apparently the stupid ass TA who graded it didn't know what the hell those were and marked me down for misspelling some other function.

    Hopefully his visa expired by now...good riddance...

  8. Re:What the hell by Anonymous Coward · Score: 3, Funny

    Personally I think C is much too slow.

    Relying on high level languages like C seems like a good idea because of development time and security but eventually program complexity will outpace hardware speed increases and you will be screwed!

    A real programmer doesn't need to waste resources on bloated handholding crap like "C". A real programmer uses assembly to avoid writing bloated code!

  9. Say what? by Anonymous Coward · Score: 1, Funny

    I've never seen so much jibba-jabba in my life! What the hell is this story about? What's a bifpukfix and where can I get it? What needs updating? Jesus H. Christ in a handbasket! Can you say obfuscation?