There are a number of critical security holes in any pre-September Linux code that handles JPEGs and BMPs. That includes Mozilla, gtk+2.0, gdk-pixbuf, kdelibs, and libpng.
See http://secunia.com/advisories/12526/ , 12586, 12564, 12311, 12221. These holes have not been exploited as of 28 Sep 2004, but similar holes are being exploited in windoze now, and will certainly be a problem for Linux/Knoppix before Knoppix 3.8 is available.

I pass out hundreds of Knoppix disks per year, and don't want to pass out exploitable versions of Mozilla and others. I would like to remaster a Knoppix "version 3.6A". I can manage the Mozilla 1.7.3 upgrade, but I am not sure I can get all the libraries right, and if any recompiles are needed, I'm not sure I can find all the applications that are affected.

Is there anyone skilled and willing to work with me to remaster a more secure version of 3.6?

Keith Lofstrom (keithl at keithl dot com)