Marcin Noga discovered an integer underflow in Lhasa, an LZH archive
decompressor, which might result in the execution of arbitrary code if
a malformed archive is processed.
Category Archives: Debian
Debian Security Advisories
DSA-3539 srtp – security update
Randell Jesup and the Firefox team discovered that srtp, Cisco’s
reference implementation of the Secure Real-time Transport Protocol
(SRTP), does not properly handle the RTP header CSRC count and extension
header length. A remote attacker can exploit this vulnerability to crash
an application linked against libsrtp, resulting in a denial of service.
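The check this advisory is about, as an added example written for this page (it is not libsrtp's code): the CSRC count and the extension header length are read from the packet and used to locate the payload, so each must be compared against the number of bytes actually received before it is used to advance. The sample packets below are constructed for illustration, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RTP_FIXED_HDR 12   /* V/P/X/CC, M/PT, sequence, timestamp, SSRC */

/*
 * Returns the total RTP header length (fixed part + CSRC list + extension)
 * if the whole header fits inside the `len` bytes actually received, or 0
 * if the packet is shorter than the lengths its own header claims.
 */
static size_t rtp_header_len(const uint8_t *pkt, size_t len)
{
    if (len < RTP_FIXED_HDR || (pkt[0] >> 6) != 2)
        return 0;                                  /* truncated or not RTP version 2 */

    size_t hlen = RTP_FIXED_HDR + 4 * (size_t)(pkt[0] & 0x0f);   /* CC * 4 bytes of CSRCs */
    if (hlen > len)
        return 0;                                  /* CSRC list runs past the packet */

    if (pkt[0] & 0x10) {                           /* X bit: header extension present */
        if (len - hlen < 4)
            return 0;                              /* no room for the extension header */
        size_t ext_words = ((size_t)pkt[hlen + 2] << 8) | pkt[hlen + 3];
        hlen += 4 + 4 * ext_words;                 /* length is in 32-bit words */
        if (hlen > len)
            return 0;                              /* declared extension longer than packet */
    }
    return hlen;
}

/* Payload length, or -1 if the header does not fit.  Without the checks above,
 * `len - hlen` would wrap around to a huge size_t and a caller that trusts it
 * would read far past the end of the buffer. */
static long rtp_payload_len(const uint8_t *pkt, size_t len)
{
    size_t hlen = rtp_header_len(pkt, len);
    return hlen ? (long)(len - hlen) : -1;
}

/* Constructed packets (not captured traffic). */

/* V=2, X=1, CC=2, PT=96: two CSRCs, a one-word extension, 3 bytes of payload. */
static const uint8_t good_pkt[] = {
    0x92, 0x60, 0x00, 0x01, 0x00, 0x00, 0x00, 0x10, 0xDE, 0xAD, 0xBE, 0xEF,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02,       /* CSRC 1, CSRC 2 */
    0xBE, 0xDE, 0x00, 0x01, 0x10, 0x20, 0x30, 0x40,       /* extension: 1 word */
    0xAA, 0xBB, 0xCC,                                     /* payload */
};

/* CC=15 claims 60 bytes of CSRCs, but only 8 bytes follow the fixed header. */
static const uint8_t bad_cc_pkt[] = {
    0x8F, 0x60, 0x00, 0x01, 0x00, 0x00, 0x00, 0x10, 0xDE, 0xAD, 0xBE, 0xEF,
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
};

/* X=1 with an extension length of 0x7FFF words in an 18-byte packet. */
static const uint8_t bad_ext_pkt[] = {
    0x90, 0x60, 0x00, 0x01, 0x00, 0x00, 0x00, 0x10, 0xDE, 0xAD, 0xBE, 0xEF,
    0xBE, 0xDE, 0x7F, 0xFF, 0xAA, 0xBB,
};

int main(void)
{
    printf("good:    header=%zu payload=%ld\n",
           rtp_header_len(good_pkt, sizeof good_pkt), rtp_payload_len(good_pkt, sizeof good_pkt));
    printf("bad cc:  header=%zu payload=%ld\n",
           rtp_header_len(bad_cc_pkt, sizeof bad_cc_pkt), rtp_payload_len(bad_cc_pkt, sizeof bad_cc_pkt));
    printf("bad ext: header=%zu payload=%ld\n",
           rtp_header_len(bad_ext_pkt, sizeof bad_ext_pkt), rtp_payload_len(bad_ext_pkt, sizeof bad_ext_pkt));
    return 0;
}
```

Note that the extension check is done in two steps: the four-byte extension header must itself fit before its length field is read, and only then is the declared extension length compared with what remains of the packet.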
DSA-3537 imlib2 – security update
Several vulnerabilities were discovered in imlib2, an image
manipulation library.
DSA-3536 libstruts1.2-java – security update
It was discovered that libstruts1.2-java, a Java framework for MVC
applications, contains a bug in its multi-page validation (MPV) code.
This allows input validation to be bypassed, even if MPV is not used
directly.
DSA-3538 libebml – security update
Several vulnerabilities were discovered in libebml, a library for
manipulating Extensible Binary Meta Language files.
DSA-3535 kamailio – security update
Stelios Tsampas discovered a buffer overflow in the Kamailio SIP proxy
which might result in the execution of arbitrary code.
DSA-3533 openvswitch – security update
Kashyap Thimmaraju and Bhargava Shastry discovered a remotely
triggerable buffer overflow vulnerability in openvswitch, a production
quality, multilayer virtual switch implementation. Specially crafted
MPLS packets could overflow the buffer reserved for MPLS labels in an
OVS internal data structure. A remote attacker can take advantage of
this flaw to cause a denial of service, or potentially, execution of
arbitrary code.
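An added example of the bounded label-stack parse this advisory calls for; it is written for this page and is not Open vSwitch's code. MAX_LABELS is an assumed capacity chosen for illustration, the struct is a stand-in for whatever internal structure holds the labels, and the packets are constructed. The parser keeps walking the stack until it finds the bottom-of-stack bit, because that is where the payload starts, but it never stores more entries than the array can hold.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABELS 3            /* assumed capacity of the label array, for illustration */
#define MPLS_BOS   0x00000100u  /* bottom-of-stack bit of a label stack entry (RFC 3032) */

struct flow_mpls {
    uint32_t lse[MAX_LABELS];   /* first MAX_LABELS entries, host byte order */
    size_t   depth;             /* entries actually present on the wire (may exceed MAX_LABELS) */
};

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* The 20-bit label is the top of the 32-bit entry: label(20) TC(3) S(1) TTL(8). */
static uint32_t mpls_label(uint32_t lse)
{
    return lse >> 12;
}

/*
 * Parses the label stack at pkt[0..len).  Returns the number of bytes
 * consumed (the offset of the payload after the bottom-of-stack entry), or 0
 * if the packet ends before a bottom-of-stack entry is seen.  Never writes
 * past lse[MAX_LABELS - 1], however many entries the packet carries.
 */
static size_t mpls_parse_stack(const uint8_t *pkt, size_t len, struct flow_mpls *f)
{
    size_t off = 0;
    f->depth = 0;
    memset(f->lse, 0, sizeof f->lse);
    for (;;) {
        if (len - off < 4)
            return 0;                          /* ran out of packet before BoS */
        uint32_t lse = be32(pkt + off);
        off += 4;
        if (f->depth < MAX_LABELS)             /* the bound that prevents the overflow */
            f->lse[f->depth] = lse;
        f->depth++;                            /* still count it, so callers know the real depth */
        if (lse & MPLS_BOS)
            return off;
    }
}

/* Constructed packets (not captured traffic).  Each entry is label<<12 | flags | TTL. */

/* Labels 100 and 200 (BoS set on the second), then 4 bytes of payload. */
static const uint8_t two_labels[] = {
    0x00, 0x06, 0x40, 0x40,   0x00, 0x0C, 0x81, 0x40,   0xDE, 0xAD, 0xBE, 0xEF,
};

/* Six labels 1..6 (BoS on the sixth): deeper than MAX_LABELS, then 2 payload bytes. */
static const uint8_t deep_stack[] = {
    0x00, 0x00, 0x10, 0x40,   0x00, 0x00, 0x20, 0x40,   0x00, 0x00, 0x30, 0x40,
    0x00, 0x00, 0x40, 0x40,   0x00, 0x00, 0x50, 0x40,   0x00, 0x00, 0x61, 0x40,
    0xAA, 0xBB,
};

/* One entry without BoS followed by only two bytes: truncated stack. */
static const uint8_t truncated[] = {
    0x00, 0x06, 0x40, 0x40,   0xAA, 0xBB,
};

int main(void)
{
    struct flow_mpls f;
    size_t used = mpls_parse_stack(deep_stack, sizeof deep_stack, &f);
    printf("deep stack: consumed %zu bytes, depth %zu, stored %zu entries\n",
           used, f.depth, f.depth < MAX_LABELS ? f.depth : (size_t)MAX_LABELS);
    for (size_t i = 0; i < MAX_LABELS && i < f.depth; i++)
        printf("  label[%zu] = %u\n", i, mpls_label(f.lse[i]));
    printf("truncated stack: consumed %zu bytes\n",
           mpls_parse_stack(truncated, sizeof truncated, &f));
    return 0;
}
```

The design point is that the capacity of the in-memory structure and the depth of the stack on the wire are two different numbers: the first bounds the store, the second is carried back to the caller so that a deeper-than-supported stack can be dropped or handled deliberately instead of silently corrupting memory.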
DSA-3534 dhcpcd – security update
Guido Vranken discovered several vulnerabilities in dhcpcd, a DHCP
client, which may result in denial of service.
DSA-3532 quagga – security update
Kostya Kortchinsky discovered a stack-based buffer overflow
vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP
routing daemon. A remote attacker can exploit this flaw to cause a
denial of service (daemon crash), or potentially, execution of arbitrary
code, if bgpd is configured with BGP peers enabled for VPNv4.
DSA-3530 tomcat6 – security update
Multiple security vulnerabilities have been fixed in the Tomcat servlet
and JSP engine, which may result in bypass of security manager
restrictions, information disclosure, denial of service or session
fixation.