These updated packages fix a buffer overflow in the faces reader. This is normally not a security problem; however, xloadimage is called by the 'plugger' program from inside Netscape to handle some image types. Hence, a remote site could cause arbitrary code to be executed as the user running Netscape. It is recommended that users of Netscape and plugger update to the fixed xloadimage packages. Plugger was shipped in Red Hat Powertools 6.2; if you have only installed packages from Red Hat Linux 6.2, you are not vulnerable to this exploit.
A buffer overflow existed in the faces reader for xloadimage. By making a specially constructed invalid faces file, and then having the server serve this file as a .tif file, arbitrary code could be executed on the client computer running Netscape. Thanks go to firstname.lastname@example.org for bringing this problem to our attention.