Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
An unpatched security hole in the Ubuntu Linux 8.04 LTS operating system could be used by attackers to send a crafted packet that crashes applications linked against OpenSSL, causing a denial of service, and to take control of vulnerable servers.
The PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.
It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, making cross-site scripting and SQL injection possible.
An updated Apache package that fixes a bug is now available for FreeBSD operating systems.
Havoc Pennington discovered that DBus, a simple interprocess messaging system, performs insufficient validation of security policies, which might allow local privilege escalation.
Luciano Bello discovered that the random number generator in Debian’s openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.
Security update: vulnerabilities in the image loaders for PNM and XPM images may result in the execution of arbitrary code.
Several remote vulnerabilities have been discovered in the TYPO3 content management framework.
As reported earlier, the CanSecWest conference was designed to test zero-day vulnerabilities against three leading desktop operating systems. The results are out:
 The MacBook Air went first
 Windows Vista was cracked (hacked) on the last day of the contest
 Linux remained undefeated
Although several attendees tried to crack the Linux laptop, nobody could pull it off, said Terri Forslof, a manager of security response with TippingPoint. “I was surprised that it didn’t go,” she said.
=> More information is available at the official web site (via Yahoo News)