Comments on: Image flaw pierces PC security

Six vulnerabilities in a common code that handles an open-source image format could open the doors to intruders.

[Fray9]

Misleading title

The title of this article implies that there is a security flaw in the Linux operating system but in reality there is a flaw in an image standard that effects all programs on all operating systems that can display the image format.

So why was Linux singled out?

Consider why

The person who discovered the vunerability only tested this on
Linux. I think the title is a bit off, but it made you read it didn't
it? It is possible other systems are not vunerable, but I doubt it.

[David Arbogast]

Title is just fine

whenever a file or application presents a security or stability problem on Windows, the open-source crowd uses it as an opportunity to decry windows security and stability. But when the .png file format introduces a security threat to Linux, open-source people very quickly show up and suggest that Linux is not the problem, .png is the problem. Double standard? If Linux was secure, it would not allow any applications or programs to create buffer overflows. Wow.. imagine that... a safe, secure operating system... not on this planet.

[Fray9]

Title was changed

The title of the story was changed from "Linux" to "PC" for those playing along at home scratching their heads over what the fuss is all about.

Thanks CNet for being attentive to our concerns over needlessly sensationalist and/or inaccurate headlines/stories.

As a neutral party in the whole Linux/Windows battle (both are good at what they were designed for.. the right tool for the job and such) even I disapprove of attacks or misinformation against either platform. Let each individual try both and make up their own minds. When people start taking sides and thinking their way is the best way things get needlessly ugly.

Windows was designed to be easy to use.
Linux was designed for stability and security.

Please just give each the credit their due and dont fault them for what they werent meant to do.

[Dachi]

Advocate.

Because Internet Explorer does not use LibPNG, and LibPNG does not ship with Windows.

Linux is vulnerable on default install as it actually ships LibPNG.

What, if it is not a kernel vuln than the "Linux Operating System" is not vulnerable?

Sounds like a cheap way to dodge the fact that Linux has security vulns too.

Linux isn't perfect?

Wow, and I thought it was made by superhumans incapable of
mistake making. Vunerabilities are something any computer has
to deal with. I bet there are even vunerabilities in a TiVo if you
think about it.

[Damienkeith]

Mozilla-Firefox fix?

I think the PNG image vulnerability has been addressed in the latest updates of Mozilla, Firefox and Thunderbird - http://www.mozilla.org/projects/security/known-
vulnerabilities.html#mozilla1.7.2

[bluefoxicy]

PaX, ProPolice

Easily deflected by using PaX (for the executable space proctections' memory policy and ASLR) and Stack Smash Protection/ProPolice. I'm not explaining these again; I've written articles on this crap, go read 'em.

http://en.wikipedia.org/wiki/PaX
http://en.wikipedia.org/wiki/ProPolice

You want to know why we need these? THIS is why.

[JadisOne]

Apple released Security Update 2004-08-09 today

Apple has released a security update today (9 Aug 2004) to
address the issue. It can be downloaded using the Software
Update application.