It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.
More info:
https://www.debian.org/security/2020/dsa-4612
A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.
More info:
https://www.debian.org/security/2020/dsa-4613
Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.
More info:
https://www.debian.org/security/2020/dsa-4614
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
More info:
https://www.debian.org/security/2020/dsa-4615