Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code.
More info:
https://www.debian.org/security/2018/dsa-4159
James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control over the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods could craft a string that might stall the execution of the application.
More info:
https://www.debian.org/security/2018/dsa-4161
It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.
More info:
https://www.debian.org/security/2018/dsa-4160