Secunia has posted this advisory for rPath users to point out an update to several packages including gd, php, php-mysql, and php-pgsql.

rPath has issued an update for gd, php, php-mysql, and php-pgsql. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Users can grab the updated packages as linked to from the original advisory notice on the rPath mailing list:

Previous versions of the gd and php packages are vulnerable to a Denial of Service attack in which an attacker can use a truncated PNG image to cause unbounded CPU consumption. The libgd library is not exposed via any privileged or remote interfaces within rPath Linux per se, but it is exposed by some web applications, such as php (which provides its own internal version of libgd).