fnord / dhcp / KDE Updates for Gentoo
Posted on: 01/18/2003 11:06 PM
Three new security updates for Gentoo Linux are available:PACKAGE : fnord
fnord 1.6 contained a buffer overrun in the CGI code. However, since the function does not return, this does not appear to be exploitableRead morePACKAGE : dhcp
The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits.Read morePACKAGE : kde-2.2.x
In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution.
These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. Read more