This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities which could result in privilege escalation in combination with VT-d and various side-channel attacks.
Multiple vulnerabilities were discovered in nettle, a low-level cryptographic library, which could result in denial of service (remote crash in RSA decryption via specially crafted ciphertext, crash on ECDSA signature verification) or incorrect verification of ECDSA signatures.
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service or information leaks. For the stable distribution (buster), these problems have been fixed in
Multiple vulnerabilities were discovered in libwebp, the implementation of the WebP image format, which could result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed images are processed.
A buffer overflow was discovered in HTMLDOC, an HTML processor that generates indexed HTML, PS, and PDF, which could potentially result in the execution of arbitrary code. In addition, a number of crashes were addressed.
It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control.