Updated mgetty packages fix security vulnerabilities
Publication date: 19 Oct 2018Modification date: 19 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-16741 , CVE-2018-16742 , CVE-2018-16743 , CVE-2018-16744 , CVE-2018-16745
Description
Updated mgetty packages fix security vulnerabilities:
The function do_activate() did not properly sanitize shell metacharacters
to prevent command injection (CVE-2018-16741).
Stack-based buffer overflow that could have been triggered via a
command-line parameter (CVE-2018-16742).
The command-line parameter username wsa passed unsanitized to strcpy(),
which could have caused a stack-based buffer overflow (CVE-2018-16743).
The mail_to parameter was not sanitized, leading to command injection if
untrusted input reached reach it (CVE-2018-16744).
The mail_to parameter was not sanitized, leading to a buffer overflow if
long untrusted input reached it (CVE-2018-16745).
References
- https://bugs.mageia.org/show_bug.cgi?id=23567
- https://lists.opensuse.org/opensuse-updates/2018-09/msg00176.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16741
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16742
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16743
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16744
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16745
SRPMS
6/core
- mgetty-1.1.37-1.1.mga6