This update for mgetty fixes the following issues:

- CVE-2018-16741: Fixed a command injection in fax/faxq-helper.c (boo#1108752)
- CVE-2018-16742: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter (boo#1108762)
- CVE-2018-16743: Stack-based buffer overflow with long username in contrib/next-login/login.c (boo#1108761)
- CVE-2018-16744: Command injection in faxrec.c (boo#1108757)
- CVE-2018-16745: Stack-based buffer overflow in fax_notify_mail() in faxrec.c (boo#1108756)
- sets maximum length of a string to prevent buffer overflow and thus possible command injection

The obsolete contrib/scrts.c tool, which contained a buffer overflow, was deleted.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 42.3 | i586 | g3utils-debuginfo | < 1.1.36-65.3.1 | g3utils-debuginfo-1.1.36-65.3.1.i586.rpm |
openSUSE Leap | 42.3 | i586 | mgetty | < 1.1.36-65.3.1 | mgetty-1.1.36-65.3.1.i586.rpm |
openSUSE Leap | 42.3 | i586 | mgetty-debuginfo | < 1.1.36-65.3.1 | mgetty-debuginfo-1.1.36-65.3.1.i586.rpm |
openSUSE Leap | 42.3 | i586 | sendfax | < 1.1.36-65.3.1 | sendfax-1.1.36-65.3.1.i586.rpm |
openSUSE Leap | 42.3 | x86_64 | mgetty | < 1.1.36-65.3.1 | mgetty-1.1.36-65.3.1.x86_64.rpm |
openSUSE Leap | 42.3 | i586 | sendfax-debuginfo | < 1.1.36-65.3.1 | sendfax-debuginfo-1.1.36-65.3.1.i586.rpm |
openSUSE Leap | 42.3 | x86_64 | sendfax | < 1.1.36-65.3.1 | sendfax-1.1.36-65.3.1.x86_64.rpm |
openSUSE Leap | 42.3 | x86_64 | g3utils | < 1.1.36-65.3.1 | g3utils-1.1.36-65.3.1.x86_64.rpm |
openSUSE Leap | 42.3 | i586 | g3utils | < 1.1.36-65.3.1 | g3utils-1.1.36-65.3.1.i586.rpm |
openSUSE Leap | 42.3 | i586 | mgetty-debugsource | < 1.1.36-65.3.1 | mgetty-debugsource-1.1.36-65.3.1.i586.rpm |
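
To check a package inventory against the fixed version in the table above, the following added example (not part of the original advisory) flags affected packages older than 1.1.36-65.3.1. It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, and it uses a simplified rpm-style version comparison that ignores the `~` and `^` modifiers.

```python
import re
from itertools import zip_longest

# Fixed version-release and package names, both taken from the advisory table.
FIXED = "1.1.36-65.3.1"
AFFECTED = {"mgetty", "sendfax", "g3utils", "mgetty-debuginfo",
            "sendfax-debuginfo", "g3utils-debuginfo", "mgetty-debugsource"}

def vercmp(a, b):
    """Simplified rpm-style compare: split into digit/letter runs, compare in order."""
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip_longest(sa, sb):
        if x is None or y is None:          # the string with segments left is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():      # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():                     # numeric: compare as integers (10 > 3)
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0

def evr_cmp(a, b):
    """Compare [epoch:]version[-release] strings; returns <0, 0 or >0."""
    def split(evr):
        epoch, sep, rest = evr.partition(":")
        if not sep:                         # no epoch given: treat it as 0
            epoch, rest = "0", evr
        version, _, release = rest.partition("-")
        return int(epoch), version, release
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or vercmp(va, vb) or vercmp(ra, rb)

def unpatched(lines):
    """Return (name, version-release) for affected packages older than FIXED."""
    hits = []
    for line in lines:
        name, _, evr = line.strip().partition(" ")
        if name in AFFECTED and evr_cmp(evr, FIXED) < 0:
            hits.append((name, evr))
    return hits

# Constructed sample inventory, not output from a real host.
SAMPLE = ["mgetty 1.1.36-65.1", "sendfax 1.1.36-65.3.1",
          "g3utils 1.1.36-65.10.1", "bash 4.3-83.5.2"]

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than {FIXED}")
```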