Security update for mgetty
This update for mgetty fixes the following issues:
- CVE-2018-16741: Fixed a command injection in fax/faxq-helper.c (boo#1108752)
- CVE-2018-16742: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter (boo#1108762)
- CVE-2018-16743: Stack-based buffer overflow with long username in contrib/next-login/login.c (boo#1108761)
- CVE-2018-16744: Command injection in faxrec.c (boo#1108757)
- CVE-2018-16745: Stack-based buffer overflow in fax_notify_mail() in faxrec.c (boo#1108756)
- Sets maximum length of a string to prevent buffer overflow and thus possible command injection
- The obsolete contrib/scrts.c tool was deleted, which contained a buffer overflow.
Submitted by: Markéta Machová (mcalabkova)
Fixed bugs
- bnc#1108761: VUL-1: CVE-2018-16743: mgetty: Stack-based buffer overflow with long username in contrib/next-login/login.c
- bnc#1108757: VUL-1: CVE-2018-16744: mgetty: Command injection in faxrec.c
- bnc#1108756: VUL-1: CVE-2018-16745: mgetty: Stack-based buffer overflow in fax_notify_mail() in faxrec.c
- bnc#1108762: VUL-1: CVE-2018-16742: mgetty: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter
- bnc#1108752: VUL-0: CVE-2018-16741: mgetty: command injection in fax/faxq-helper.c