Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.0:Update
patchinfo.8816
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.8816
<patchinfo incident="8816"> <issue tracker="bnc" id="1108761">VUL-1: CVE-2018-16743: mgetty: Stack-based buffer overflow with long username in contrib/next-login/login.c</issue> <issue tracker="bnc" id="1108757">VUL-1: CVE-2018-16744: mgetty: Command injection in faxrec.c</issue> <issue tracker="bnc" id="1108756">VUL-1: CVE-2018-16745: mgetty: Stack-based buffer overflow in fax_notify_mail() in faxrec.c</issue> <issue tracker="bnc" id="1108762">VUL-1: CVE-2018-16742: mgetty: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter</issue> <issue tracker="bnc" id="1108752">VUL-0: CVE-2018-16741: mgetty: command injection in fax/faxq-helper.c</issue> <issue tracker="cve" id="2018-16744"/> <issue tracker="cve" id="2018-16745"/> <issue tracker="cve" id="2018-16741"/> <issue tracker="cve" id="2018-16742"/> <issue tracker="cve" id="2018-16743"/> <category>security</category> <rating>important</rating> <packager>mcalabkova</packager> <description>This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752). - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756). - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757). - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762). - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761). This update was imported from the SUSE:SLE-15:Update update project.</description> <summary>Security update for mgetty</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor