MandrakeSoft has released the follow security updates for Mandrake Linux:
MDKSA-2003:007 : dhcp
Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable.
Read more
MDKSA-2003:004-1 : kde
Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources.
Read more
MDKSA-2003:007 : dhcp
Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable.
Read more
MDKSA-2003:004-1 : kde
Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources.
Read more