Security update for mgetty SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3108-1 Final 1 1 2018-10-12T05:42:23Z current 2018-10-12T05:42:23Z 2018-10-12T05:42:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mgetty This update for mgetty fixes the following issues: - CVE-2018-16741: Fixed a command injection in fax/faxq-helper.c (boo#1108752) - CVE-2018-16742: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter (boo#1108762) - CVE-2018-16743: Stack-based buffer overflow with long username in contrib/next-login/login.c (boo#1108761) - CVE-2018-16744: Command injection in faxrec.c (boo#1108757) - CVE-2018-16745: Stack-based buffer overflow in fax_notify_mail() in faxrec.c (boo#1108756) - sets maximum length of a string to prevent buffer overflow and thus possible command injection - The obsolete contrib/scrts.c tool was deleted, which contained a buffer overflow. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00027.html E-Mail link for openSUSE-SU-2018:3108-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 g3utils-1.1.36-65.3.1 mgetty-1.1.36-65.3.1 sendfax-1.1.36-65.3.1 g3utils-1.1.36-65.3.1 as a component of openSUSE Leap 42.3 mgetty-1.1.36-65.3.1 as a component of openSUSE Leap 42.3 sendfax-1.1.36-65.3.1 as a component of openSUSE Leap 42.3 An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command. CVE-2018-16741 openSUSE Leap 42.3:g3utils-1.1.36-65.3.1 openSUSE Leap 42.3:mgetty-1.1.36-65.3.1 openSUSE Leap 42.3:sendfax-1.1.36-65.3.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00027.html https://www.suse.com/security/cve/CVE-2018-16741.html CVE-2018-16741 https://bugzilla.suse.com/1108752 SUSE Bug 1108752 An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. CVE-2018-16742 openSUSE Leap 42.3:g3utils-1.1.36-65.3.1 openSUSE Leap 42.3:mgetty-1.1.36-65.3.1 openSUSE Leap 42.3:sendfax-1.1.36-65.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00027.html https://www.suse.com/security/cve/CVE-2018-16742.html CVE-2018-16742 https://bugzilla.suse.com/1108762 SUSE Bug 1108762 An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. CVE-2018-16743 openSUSE Leap 42.3:g3utils-1.1.36-65.3.1 openSUSE Leap 42.3:mgetty-1.1.36-65.3.1 openSUSE Leap 42.3:sendfax-1.1.36-65.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00027.html https://www.suse.com/security/cve/CVE-2018-16743.html CVE-2018-16743 https://bugzilla.suse.com/1108761 SUSE Bug 1108761 An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. CVE-2018-16744 openSUSE Leap 42.3:g3utils-1.1.36-65.3.1 openSUSE Leap 42.3:mgetty-1.1.36-65.3.1 openSUSE Leap 42.3:sendfax-1.1.36-65.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00027.html https://www.suse.com/security/cve/CVE-2018-16744.html CVE-2018-16744 https://bugzilla.suse.com/1108757 SUSE Bug 1108757 An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. CVE-2018-16745 openSUSE Leap 42.3:g3utils-1.1.36-65.3.1 openSUSE Leap 42.3:mgetty-1.1.36-65.3.1 openSUSE Leap 42.3:sendfax-1.1.36-65.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00027.html https://www.suse.com/security/cve/CVE-2018-16745.html CVE-2018-16745 https://bugzilla.suse.com/1108756 SUSE Bug 1108756