Anton Rager and Jonathan Brossard from the Salesforce.com Product
Security Team and Ben Laurie of Google discovered a denial of service
vulnerability in xerces-c, a validating XML parser library for C++. The
parser mishandles certain kinds of malformed input documents, resulting
in a segmentation fault during a parse operation. An unauthenticated
attacker could use this flaw to cause an application using the
xerces-c library to crash.
Debian Security Advisories
DSA-3198 php5 – security update
Multiple vulnerabilities have been discovered in the PHP language:
DSA-3197 openssl – security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:
DSA-3196 file – security update
Hanno Boeck discovered that file’s ELF parser is susceptible to denial
of service.
DSA-3195 php5 – security update
Multiple vulnerabilities have been discovered in the PHP language:
DSA-3193 tcpdump – security update
Several vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service (application crash) or, potentially, execution of arbitrary
code.
DSA-3194 libxfont – security update
Ilja van Sprundel, Alan Coopersmith and William Robinet discovered
multiple issues in libxfont’s code to process BDF fonts, which might
result in privilege escalation.
DSA-3192 checkpw – security update
Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password
authentication program, has a flaw in processing account names which
contain double dashes. A remote attacker can use this flaw to cause a
denial of service (infinite loop).
DSA-3188 freetype – security update
Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening
malformed fonts may result in denial of service or the execution of
arbitrary code.
DSA-3191 gnutls26 – security update
Multiple vulnerabilities have been discovered in GnuTLS, a library
implementing the TLS and SSL protocols. The Common Vulnerabilities and
Exposures project identifies the following problems: