Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of
Technology discovered a flaw in the mixing functions of GnuPG’s random
number generator. An attacker who obtains 4640 bits from the RNG can
trivially predict the next 160 bits of output.
Category Archives: Debian
Debian Security Advisories
DSA-3648 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors for NDS,
PacketBB, WSP, MMSE, RLC, LDSS, RLC and OpenFlow, which could result in
denial of service or the execution of arbitrary code.
DSA-3646 postgresql-9.4 – security update
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL
database system.
DSA-3647 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.
DSA-3645 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
DSA-3644 fontconfig – security update
Tobias Stoeckmann discovered that cache files are insufficiently
validated in fontconfig, a generic font configuration library. An
attacker can trigger arbitrary free() calls, which in turn allows double
free attacks and therefore arbitrary code execution. In combination with
setuid binaries using crafted cache files, this could allow privilege
escalation.
DSA-3643 kde4libs – security update
Andreas Cord-Landwehr discovered that kde4libs, the core libraries
for all KDE 4 applications, do not properly handle the extraction
of archives with “../” in the file paths. A remote attacker can
take advantage of this flaw to overwrite files outside of the
extraction folder, if a user is tricked into extracting a specially
crafted archive.
DSA-3642 lighttpd – security update
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior
in the lighttpd web server. Lighttpd assigned Proxy header values from
client requests to internal HTTP_PROXY environment variables, allowing
remote attackers to carry out Man in the Middle (MITM) attacks or
initiate connections to arbitrary hosts.
DSA-3641 openjdk-7 – security update
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox or denial of service.
DSA-3640 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code,
cross-site scripting, information disclosure and bypass of the same-origin
policy.