Anibal Sacco discovered that cups, a general printing system for UNIX
systems, suffers from null pointer dereference because of its handling
of two consecutive IPP packets with certain tag attributes that are
treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers
to perform denial of service attacks by crashing the cups daemon.
Read the full story: DSA-1811 cups, cupsys – null ptr dereference: http://www.debian.org/security/2009/dsa-1811
An information disclosure flaw was found in mod_jk, the Tomcat Connector
module for Apache. If a buggy client included the “Content-Length” header
without providing request body data, or if a client sent repeated
requests very quickly, one client could obtain a response intended for
another client.
Read the full story: DSA-1810 libapache-mod-jk – information disclosure: http://www.debian.org/security/2009/dsa-1810
Markus Petrux discovered a cross-site scripting vulnerability in the
taxonomy module of drupal6, a fully-featured content management
framework. It is also possible that certain browsers using the UTF-7
encoding are vulnerable to a different cross-site scripting
vulnerability.
Read the full story: DSA-1808 drupal6 – insufficient input sanitising: http://www.debian.org/security/2009/dsa-1808