A vulnerability was discovered and corrected in libmbfl : * Fix bug #53273 . The updated packages have been patched to correct these issues. Update: The MDVSA-2010:225 advisory used the wrong patch to address the problem, however it did fix the issue. This advisory provides the correct upstream patch.