This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate did not properly sanitize shell metacharacters to prevent command injection . - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it . - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it . - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter . - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy, which could have caused a stack-based buffer overflow .