Security Advisories

TA10-040A: Microsoft Updates for Multiple Vulnerabilities

Microsoft Updates for Multiple Vulnerabilities
Categories: Security Advisories

DSA-2059 pcsc-lite - buffer overflow

Debian GNU/Linux - Thu, 06/10/2010 - 07:00

It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root.

DSA-2058 glibc, eglibc - multiple vulnerabilities

Debian GNU/Linux - Thu, 06/10/2010 - 07:00

Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems:

TA10-021A: Microsoft Internet Explorer Vulnerabilities

Microsoft Internet Explorer Vulnerabilities

TA10-013A: Adobe Reader and Acrobat Vulnerabilities

Adobe Reader and Acrobat Vulnerabilities

DSA-2057 mysql-dfsg-5.0 - several vulnerabilities

Debian GNU/Linux - Mon, 06/07/2010 - 07:00

Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-2056 zonecheck - missing input sanitizing

Debian GNU/Linux - Sun, 06/06/2010 - 07:00

It was discovered that in zonecheck, a tool to check DNS configurations, the CGI does not sufficiently sanitize user input; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks.

DSA-2055 openoffice.org - macro execution

Debian GNU/Linux - Sat, 06/05/2010 - 07:00

It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft® Office, does not properly handle Python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the Python macro viewer component.

DSA-2054 bind9 - DNS cache poisoning

Debian GNU/Linux - Fri, 06/04/2010 - 07:00

Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.

DSA-2053 linux-2.6 - privilege escalation/denial of service/information leak

Debian GNU/Linux - Tue, 05/25/2010 - 07:00

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-2052 krb5 - null pointer dereference

Debian GNU/Linux - Mon, 05/24/2010 - 07:00

Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field.

DSA-2051 postgresql-8.3 - several vulnerabilities

Debian GNU/Linux - Mon, 05/24/2010 - 07:00

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems:

DSA-2050 kdegraphics - several vulnerabilities

Debian GNU/Linux - Mon, 05/24/2010 - 07:00

Several local vulnerabilities have been discovered in KPDF, a PDF viewer for KDE, which allow the execution of arbitrary code or denial of service if a user is tricked into opening a crafted PDF document.

DSA-2049 barnowl - buffer overflow

Debian GNU/Linux - Sun, 05/23/2010 - 07:00

It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM and Zephyr client, is prone to a buffer overflow via its "CC:" handling, which could lead to the execution of arbitrary code.

DSA-2048 dvipng - buffer overflow

Debian GNU/Linux - Sat, 05/22/2010 - 07:00

Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service (crash of the application) and possibly to execute arbitrary code.
