Advisories » MGASA-2018-0402

Updated mgetty packages fix security vulnerabilities

Publication date: 19 Oct 2018
Modification date: 19 Oct 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-16741, CVE-2018-16742, CVE-2018-16743, CVE-2018-16744, CVE-2018-16745

Description

Updated mgetty packages fix security vulnerabilities:

The function do_activate() did not properly sanitize shell metacharacters
to prevent command injection (CVE-2018-16741).

Stack-based buffer overflow that could have been triggered via a
command-line parameter (CVE-2018-16742).

The command-line parameter username was passed unsanitized to strcpy(),
which could have caused a stack-based buffer overflow (CVE-2018-16743).

The mail_to parameter was not sanitized, leading to command injection if
untrusted input reached it (CVE-2018-16744).

The mail_to parameter was not sanitized, leading to a buffer overflow if
long untrusted input reached it (CVE-2018-16745).
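
The two mail_to issues above share one defensive pattern: validate and bound the recipient before it is copied or handed to a mail program. The following is an added example, not code from mgetty or from the Mageia update; the helper names, the 64-byte limit, the allow-list and the mailer path are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MAIL_TO_MAX 64                 /* assumed limit for this example */
#define MAILER "/usr/sbin/sendmail"    /* assumed mailer path */

/* Allow-list: letters, digits and a few address characters only. */
static int allowed(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || (c != '\0' && strchr("@._+-", c) != NULL);
}

/* Hypothetical helper: copy an untrusted recipient into out only if it is
 * short and allow-listed. Returns 0 on success, -1 on rejection. */
int copy_mail_to(const char *in, char *out, size_t outlen)
{
    size_t len;
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (in == NULL || in[0] == '\0' || in[0] == '-')  /* '-' would read as an option */
        return -1;
    for (len = 0; in[len] != '\0'; len++)
        if (len >= MAIL_TO_MAX || len + 1 >= outlen || !allowed((unsigned char)in[len]))
            return -1;   /* over the limit, over the buffer, or not allow-listed */
    memcpy(out, in, len + 1);          /* length already checked: no strcpy() */
    return 0;
}

/* Build an argv for execv() so that no shell ever parses the recipient. */
int build_mailer_argv(const char *mail_to, char *rcpt, size_t rcptlen, const char *argv[3])
{
    if (copy_mail_to(mail_to, rcpt, rcptlen) != 0)
        return -1;
    argv[0] = MAILER;
    argv[1] = rcpt;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    char rcpt[MAIL_TO_MAX + 1];
    const char *argv[3];
    /* Constructed input with a shell metacharacter: expected to be rejected. */
    int rc = build_mailer_argv("root; id", rcpt, sizeof rcpt, argv);
    printf("root; id -> %s\n", rc ? "rejected" : "accepted");
    return 0;
}
```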
                

References

SRPMS

6/core