Dirk Nehring discovered a vulnerability in the IPsec code that allows
remote users to cause a denial of service by sending a specially crafted
ESP packet.
Note that only specific configurations are vulnerable; the default
Debian installation is not affected. Only a configuration meeting
the following requirements is vulnerable:
* The mail delivery style is mailbox, with the Postfix built-in
local(8) or virtual(8) delivery agents.
* The mail spool directory (/var/spool/mail) is user-writeable.
* The user can create hardlinks pointing to root-owned symlinks
located in other directories.
Sebastian Krahmer discovered that Postfix, a mail transfer agent,
incorrectly checks the ownership of a mailbox. In some configurations,
this allows for appending data to arbitrary files as root.
Brian Dowling discovered that the PowerDNS authoritative name server
does not respond to DNS queries which contain certain characters,
increasing the risk of successful DNS spoofing (CVE-2008-3337). This
update changes PowerDNS to respond with SERVFAIL responses instead.
Chaskiel M Grundman discovered that opensc, a library and utilities to
handle smart cards, would initialise smart cards with the Siemens CardOS M4
card operating system without proper access rights. This allowed everyone
to change the card's PIN.
Joan Calvet discovered that httrack, a utility to create local copies of
websites, is vulnerable to a buffer overflow potentially allowing to
execute arbitrary code when passed excessively long URLs.