Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors, buffer
overflows, use-after-frees and other implementation errors may lead to
the execution of arbitrary code, the bypass of security restrictions or
denial of service.

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu-kvm, a full
virtualization solution on x86 hardware. A privileged guest user could
use this flaw to write into qemu address space on the host, potentially
escalating their privileges to those of the qemu host process.

Several vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service, leaking sensitive information from memory or, potentially,
execution of arbitrary code.

Multiple security issues have been discovered in WordPress, a web
blogging tool, resulting in denial of service or information disclosure.
More information can be found in the upstream advisory at

Dragana Damjanovic discovered that an authenticated client could crash
an OpenVPN server by sending a control packet containing less than
four bytes as payload.

Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of
Red Hat, discovered two issues in flac, a library handling Free
Lossless Audio Codec media: by providing a specially crafted FLAC
file, an attacker could execute arbitrary code.

A flaw was discovered in mutt, a text-based mailreader. A specially
crafted mail header could cause mutt to crash, leading to a denial of
service condition.

Several vulnerabilities have been discovered in libvncserver, a library to
implement VNC server functionality. These vulnerabilities might result in the
execution of arbitrary code or denial of service in both the client and the
server side.

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.

A vulnerability was discovered in ppp, an implementation of the
Point-to-Point Protocol: an integer overflow in the routine
responsible for parsing user-supplied options potentially allows a
local attacker to gain root privileges.