Ubuntu Security Notice USN-1643-1
https://packetstormsecurity.com/files/118488/USN-1643-1.txt
https://packetstormsecurity.com/files/118488/USN-1643-1.txthttps://packetstormsecurity.com/files/118488/Ubuntu-Security-Notice-USN-1643-1.htmlFri, 30 Nov 2012 15:19:55 GMTUbuntu Security Notice 1643-1 - It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. It was discovered that the 'new' constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. Various other issues were also addressed.