SUSE-SU-2018:2894-1 -- SLES mgetty, g3utilsID: oval:org.secpod.oval:def:89049651 | Date: (C)2023-07-25 (M)2023-07-25 |
Class: PATCH | Family: unix |
This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection . - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it . - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it . - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter . - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy, which could have caused a stack-based buffer overflow .
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |