fnord / dhcp / KDE Updates for Gentoo
Posted on: 01/19/2003 12:06 AM

Three new security updates for Gentoo Linux are available:

PACKAGE : fnord

fnord 1.6 contained a buffer overrun in the CGI code. However, since the function does not return, this does not appear to be exploitable

Read more

PACKAGE : dhcp

The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits.

Read more

PACKAGE : kde-2.2.x

In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution.

These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Read more

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/fnord_dhcp_kde_updates_for_gentoo.html)