Ubuntu Security Notice 4609-1 - Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. It was discovered that GOsa incorrectly handled user access control. A remote attacker could use this issue to log into any account with a username containing the word "success". Various other issues were also addressed.
daa46d595ce73c679a0617cf76033ccd2ccb549456af6f754422eaa95cc0f686
Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling due to negative cubeStackDepth.
151943d6fedcadaa27f44c6659dd65a5bae0b90b376bb58c73d25d660f26876e