Updated libxml2 packages that fix an overflow when parsing remote resources are now available.
This vulnerability could potentially be exploited by a local user to execute arbitrary code with root privileges.
Updated cvs packages that fix remote denial of service vulnerabilities are now available. (This is a legacy Red Hat fix, released by the Fedora Project).
An attacker could create a carefully crafted directory on a websitesuch that, if a user connects to that directory using the lftp clientand subsequently issues a ‘ls’ or ‘rels’ command, the attacker couldexecute arbitrary code on the users machine.
Phong Nguyen identified a severe bug in the way GnuPG creates anduses ElGamal keys, when those keys are used both to sign and encryptdata. This vulnerability can be used to trivially recover theprivate key.