SUSE-SU-2018:2850-1 -- SLES mgetty, g3utils
ID: oval:org.secpod.oval:def:89002530 | Date: (C)2021-02-26 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for mgetty fixes the following issues:
- CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection
- CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it
- CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached it
- CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter
- CVE-2018-16743: The command-line parameter username was passed unsanitized to strcpy, which could have caused a stack-based buffer overflow
Platform: |
SUSE Linux Enterprise Server 11 SP4 |