A buffer overflow in the "man" package has been found. As a result of this bug, a local user could gain effective gid of "man" by manipulating the MANPATH environment variable. After doing so, the user could alter system manual pages to execute arbitrary code.
Download the following RPM packages to the NetWinder into a temporary
directory, then install them with the command "rpm -Uvh *.rpm". Be sure
there are no other files ending in ".rpm" in the temporary directory. See
http://www.netwinder.org/security/install.html for more help.
REFERENCESBugTraq (Michal Zalewski) http://www.securityfocus.com/vdb/bottom.html?vid=1011