It was discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could cause out-of-bounds reads or infinite loops, resulting in denial of service when processing malformed deb files.
David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function which could cause a NULL dereference, resulting in denial of service. Additional details can be found in the upstream advisory:
It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the "CallStranger" UPnP vulnerability.
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, privilege escalation or information leaks.
Jan-Niklas Sohn discovered that the XKB extension of the Xorg X server performed incomplete input validation, which could result in privilege escalation.
A buffer overflow was discovered in Brotli, a generic-purpose lossless compression suite. For the stable distribution (buster), this problem has been fixed in
Two vulnerabilities were discovered in libproxy, an automatic proxy configuration management library, which could result in denial of service, or possibly, execution of arbitrary code.
Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC
A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack.
Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these
Ken Gaillot discovered a vulnerability in the Pacemaker cluster resource manager: If ACLs were configured for users in the "haclient" group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with
A use-after-free was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in
It was discovered that a boundary check in libexif, a library to parse EXIF files, could be optimised away by the compiler, resulting in a potential buffer overflow.
It was discovered that raptor2, an RDF parser library, is prone to heap-based buffer overflow flaws, which could result in denial of service, or potentially the execution of arbitrary code, if a specially crafted file is processed.
