* iDefense reported an integer overflow in the _cupsImageReadTIFF()
function in the "imagetops" filter, leading to a heap-based buffer
overflow (CVE-2009-0163).
* Aaron Siegel of Apple Product Security reported that the CUPS web
interface does not verify the content of the "Host" HTTP header
properly (CVE-2009-0164).
* Braden Thomas and Drew Yao of Apple Product Security reported that
CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166,
Description
===========
Multiple vulnerabilities were discovered in Python:
* David Remahl of Apple Product Security reported several integer
overflows in core modules such as stringobject, unicodeobject,
bufferobject, longobject, tupleobject, stropmodule, gcmodule,
mmapmodule (CVE-2008-2315).
* David Remahl of Apple Product Security also reported an integer
xmlParseAttValueComplex() function in parser.c (CVE-2008-3529).
* Christian Weiske reported that predefined entity definitions in
entities are not properly handled (CVE-2008-4409).
* Drew Yao of Apple Product Security reported an integer overflow in
the xmlBufferResize() function that can lead to an infinite loop
(CVE-2008-4225).
* Drew Yao of Apple Product Security reported an integer overflow in
the xmlSAX2Characters() function leading to a memory corruption
2.5.3 allowed context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code via crafted images that
trigger heap-based buffer overflows (CVE-2008-1679). This was due
to an incomplete fix for CVE-2007-4965.
David Remahl of Apple Product Security reported several integer
overflows in a number of core modules (CVE-2008-2315). He also
reported an integer overflow in the hashlib module on Python 2.5 that
lead to unreliable cryptographic digest results (CVE-2008-2316).
Justin Ferguson reported multiple buffer overflows in unicode string
2.5.3 allowed context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code via crafted images that
trigger heap-based buffer overflows (CVE-2008-1679). This was due
to an incomplete fix for CVE-2007-4965.
David Remahl of Apple Product Security reported several integer
overflows in a number of core modules (CVE-2008-2315).
Justin Ferguson reported multiple buffer overflows in unicode string
processing that affected 32bit systems (CVE-2008-3142).
Description
===========
Multiple vulnerabilities have been discovered in the Ruby interpreter
and its standard libraries. Drew Yao of Apple Product Security
discovered the following flaws:
* Arbitrary code execution or Denial of Service (memory corruption)
in the rb_str_buf_append() function (CVE-2008-2662).
* A free() call on an uninitialized pointer in the ASN.1 decoder when
decoding an invalid encoding (CVE-2009-0846).
* A buffer overread in the SPNEGO GSS-API application, reported by
Apple Product Security (CVE-2009-0844).
* A NULL pointer dereference in the SPNEGO GSS-API application,
reported by Richard Evans (CVE-2009-0845).
* An incorrect length check inside an ASN.1 decoder leading to
1 media-libs/tiff < 3.8.2-r4 >= 3.8.2-r4
Description
===========
Drew Yao (Apple Product Security) and Clay Wood reported multiple
buffer underflows in the LZWDecode() and LZWDecodeCompat() functions in
tif_lzw.c when processing TIFF files.
Impact
======
===========
Multiple vulnerabilities have been found in the programs included in
the NTP package:
* Apple Product Security reported a boundary error in the
cookedprint() function in ntpq/ntpq.c, possibly leading to a
stack-based buffer overflow (CVE-2009-0159).
* Chris Ries of CMU reported a boundary error within the
crypto_recv() function in ntpd/ntp_crypto.c, possibly leading to a
