Three new security updates for Gentoo Linux are available:
PACKAGE : fnord
fnord 1.6 contained a buffer overrun in the CGI code. However, since the function does not return, this does not appear to be exploitable
Read more
PACKAGE : dhcp
The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits.
Read more
PACKAGE : kde-2.2.x
In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution.
These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.
Read more
PACKAGE : fnord
fnord 1.6 contained a buffer overrun in the CGI code. However, since the function does not return, this does not appear to be exploitable
Read more
PACKAGE : dhcp
The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits.
Read more
PACKAGE : kde-2.2.x
In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution.
These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.
Read more
