It was discovered that YADIFA, an authoritative DNS server, did not sufficiently check its input. This allowed a remote attacker to cause a denial-of-service by forcing the daemon to enter an infinite loop.
It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification.
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.27, which includes additional bug fixes. Please refer to the upstream changelog for more information: https://php.net/ChangeLog-5.php#5.6.27
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability.
George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions, thus allowing remote authenticated users to execute arbitrary code on the firebird server.
The previous subversion security update, DSA-3107-1, introduced a regression which causes Apache httpd to fail to start due to an undefined symbol dav_svn__new_error in configurations which used mod_dav_svn.
It was discovered that libgtk2-perl, a Perl interface to the 2.x series of the Gimp Toolkit library, incorrectly frees memory which GTK+ still holds onto and might access later, leading to denial of service or, potentially, to arbitrary code execution.
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on Elgamal decryption performance. CVE-2015-0837 The modular exponentiation routine mpi_po ...