MGASA-2018-0402

Source
https://advisories.mageia.org/MGASA-2018-0402.html
Import Source
https://advisories.mageia.org/MGASA-2018-0402.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2018-0402
Published
2018-10-19T18:00:37Z
Modified
2018-10-19T17:34:09Z
Summary
Updated mgetty packages fix security vulnerabilities
Details

Updated mgetty packages fix security vulnerabilities:

The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (CVE-2018-16741).

Stack-based buffer overflow that could have been triggered via a command-line parameter (CVE-2018-16742).

The command-line parameter username was passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (CVE-2018-16743).

The mail_to parameter was not sanitized, leading to command injection if untrusted input reached it (CVE-2018-16744).

The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (CVE-2018-16745).


Affected packages

Mageia:6 / mgetty

Package

Name
mgetty
Purl
pkg:rpm/mageia/mgetty?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.37-1.1.mga6

Ecosystem specific

{
    "section": "core"
}