Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A vulnerability was found in the gdk-pixbug bmp loader where a bad BMP
image could send the bmp loader into an infinite loop (CVE-2004-0753).

Chris Evans found a heap-based overflow and a stack-based overflow in
the xpm loader of gdk-pixbuf (CVE-2004-0782 and CVE-2004-0783).

Chris Evans also discovered an integer overflow in the ico loader of
gdk-pixbuf (CVE-2004-0788).

All four problems have been corrected in these updated packages.

Update :

The previous package had an incorrect patch applied that would cause
some problems with other programs. The updated packages have the
correct patch applied.

As well, patched gtk+2 packages, which also contain gdk-pixbuf, are
now provided.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)