New security updates for Gentoo Linux are available:
mod_php
PHP contains code for preventing direct access to the CGI binary with configure option "--enable-force-cgi-redirect" and php.ini option "cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these options useless.
NetHack
Overflowing a buffer in nethack may lead to privilege escalation to the games uid.
w3m
Hironori SAKAMOTO found another security vulnerability in w3m 0.3.2.x: w3m fails to escape HTML tags in the img alt attribute, so malicious frame HTML may deceive you into accessing your local files, cookies and so on.
SYSLINUX
Security flaws have been found in the SYSLINUX installer when running setuid root.
Mailman
The email variable and the default error page in mailman 2.1 contain cross-site scripting vulnerabilities.
bitchx
A denial of service vulnerability exists in BitchX. Sending a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault.