Debian Linux Security Advisory 3643-1 - Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "../" in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricked into extracting a specially crafted archive.
1a422b9171b9b97d6f54f2f24d9ac352542725ab10a25b57aceca0e4e76ae95b
Debian Linux Security Advisory 3642-1 - Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle (MITM) attacks or initiate connections to arbitrary hosts.
1c9834771c98c7b8c070c173750e064cb3cb7aa01860e21eb68125b25605888c