WordPress is a PHP and MySQL based content management and publishing system.
rgod discovered that WordPress insufficiently checks the format of cached username data.
An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially crafted username. As of Wordpress 2.0.2 the user data cache is disabled by default.
There are no known workarounds at this time.
All WordPress users should upgrade to the latest available version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.3"