Request 640100: Incident mgetty - openSUSE Build Service

Overview

Request 640100 accepted

- Added patch mgetty-fax-block-code-injection.patch to fix
bsc#1108752 (CVE-2018-16741): command injection in fax/faxq-helper.c

- Added patches:
* mgetty-fix-buffer-overflow.patch - upstream patch, sets maximum
length of a string to prevent buffer overflow and thus possible
command injection
* mgetty-delete-obsolete.patch - upstream-based patch, deletes
obsolete file contrib/scrts.c, which could cause buffer overflow
- Fixed bugs:
* bsc#1108756 (CVE-2018-16745): Stack-based buffer overflow in
fax_notify_mail() in faxrec.c
* bsc#1108757 (CVE-2018-16744): Command injection in faxrec.c
* bsc#1108762 (CVE-2018-16742): Stack-based buffer overflow in
contrib/scrts.c triggered via command line parameter
* bsc#1108761 (CVE-2018-16743): Stack-based buffer overflow with
long username in contrib/next-login/login.c

Created by mcalabkova over 5 years ago
In state accepted

Incident mgetty

Comments for request 640100 0

Login required, please login in order to comment

Request History

mcalabkova created request over 5 years ago

- Added patch mgetty-fax-block-code-injection.patch to fix
bsc#1108752 (CVE-2018-16741): command injection in fax/faxq-helper.c

- Added patches:
* mgetty-fix-buffer-overflow.patch - upstream patch, sets maximum
length of a string to prevent buffer overflow and thus possible
command injection
* mgetty-delete-obsolete.patch - upstream-based patch, deletes
obsolete file contrib/scrts.c, which could cause buffer overflow
- Fixed bugs:
* bsc#1108756 (CVE-2018-16745): Stack-based buffer overflow in
fax_notify_mail() in faxrec.c
* bsc#1108757 (CVE-2018-16744): Command injection in faxrec.c
* bsc#1108762 (CVE-2018-16742): Stack-based buffer overflow in
contrib/scrts.c triggered via command line parameter
* bsc#1108761 (CVE-2018-16743): Stack-based buffer overflow with
long username in contrib/next-login/login.c

licensedigger accepted review over 5 years ago

ok

factory-auto accepted review over 5 years ago

Check script succeeded

maintbot added mgetty as a reviewer over 5 years ago

Submission for mgetty by someone who is not maintainer in the devel project (Base:System). Please review

maintbot accepted review over 5 years ago

ok

msmeissn accepted review over 5 years ago

ok

msmeissn approved review over 5 years ago

ok

msmeissn moved maintenance target to openSUSE:Maintenance:8886 over 5 years ago

msmeissn accepted request over 5 years ago

accepted request 640100:Thanks!

For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance

openSUSE Build Service is sponsored by