Security 10745 Published by

New security updates for Gentoo Linux are available:

mod_php
PHP contains code for preventing direct access to the CGI binary with configure option "--enable-force-cgi-redirect" and php.ini option "cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these options useless.

Read more

NetHack
Overflowing a buffer in nethack may lead to privelige escalation to games uid.

Read more

w3m
Hironori SAKAMOTO found another security vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag in img alt attribute, so malicious frame html may deceive you to access your local files, cookies and so on.

Read more

SYSLINUX
Security flaws have been found in the SYSLINUX installer when running
setuid root.

Read more

Mailmain
The email variable and the default error page in mailmain 2.1 contains cross site scripting vulnerabilities.

Read more

bitchx
A denial of service vulnerability exists in BitchX. Sending a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault.

Read more