{"id":"MGASA-2018-0402","summary":"Updated mgetty packages fix security vulnerabilities","details":"Updated mgetty packages fix security vulnerabilities:\n\nThe function do_activate() did not properly sanitize shell metacharacters\nto prevent command injection (CVE-2018-16741).\n\nStack-based buffer overflow that could have been triggered via a\ncommand-line parameter (CVE-2018-16742).\n\nThe command-line parameter username was passed unsanitized to strcpy(),\nwhich could have caused a stack-based buffer overflow (CVE-2018-16743).\n\nThe mail_to parameter was not sanitized, leading to command injection if\nuntrusted input reached it (CVE-2018-16744).\n\nThe mail_to parameter was not sanitized, leading to a buffer overflow if\nlong untrusted input reached it (CVE-2018-16745).\n","modified":"2026-04-16T06:25:08.891186615Z","published":"2018-10-19T18:00:37Z","upstream":["CVE-2018-16741","CVE-2018-16742","CVE-2018-16743","CVE-2018-16744","CVE-2018-16745"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0402.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23567"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-09/msg00176.html"}],"affected":[{"package":{"name":"mgetty","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mgetty?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.37-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0402.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}