Fedora 29: mgetty Security Update

    Date26 Feb 2019
    CategoryFedora
    411
    Posted ByLinuxSecurity Advisories
    Security fix for CVE-2018-16741,CVE-2018-16744,CVE-2018-16745
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-da586db907
    2019-02-27 03:28:03.892455
    --------------------------------------------------------------------------------
    
    Name        : mgetty
    Product     : Fedora 29
    Version     : 1.1.37
    Release     : 11.fc29
    URL         : http://mgetty.greenie.net/
    Summary     : A getty replacement for use with data and fax modems
    Description :
    The mgetty package contains a "smart" getty which allows logins over a
    serial line (i.e., through a modem). If you're using a Class 2 or 2.0
    modem, mgetty can receive faxes. If you also need to send faxes,
    you'll need to install the sendfax program.
    
    If you'll be dialing in to your system using a modem, you should
    install the mgetty package. If you'd like to send faxes using mgetty
    and your modem, you'll need to install the mgetty-sendfax program. If
    you need a viewer for faxes, you'll also need to install the
    mgetty-viewfax package.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Security fix for CVE-2018-16741,CVE-2018-16744,CVE-2018-16745
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Wed Feb 13 2019 Tomas Korbar - 1.1.37-11
    - Fix possible command injection in fax/faxq-helper.c (bug #1628755)
    - CVE-2018-16741
    * Wed Feb 13 2019 Tomas Korbar  - 1.1.37-10
    - Fix multiple security problems in faxrec.c
    - Possible Command injection in faxrec.c (bug #1629976)
    - CVE-2018-16744
    - Stack-based buffer overflow in fax_notify_mail() in faxrec.c (bug #1629980)
    - CVE-2018-16745
    * Tue Feb 12 2019 Tomas Korbar  - 1.1.37-9
    - Fix Out-of-bound access in putwhitespan() function g3/g32pbm.c
    - bug #1629986
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1628754 - CVE-2018-16741 mgetty: command injection in faxrunq
            https://bugzilla.redhat.com/show_bug.cgi?id=1628754
      [ 2 ] Bug #1629975 - CVE-2018-16744 mgetty: Command injection in faxrec.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1629975
      [ 3 ] Bug #1629979 - CVE-2018-16745 mgetty: Stack-based buffer overflow in fax_notify_mail() in faxrec.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1629979
      [ 4 ] Bug #1629985 - mgetty: Out-of-bound access in putwhitespan() function g3/g32pbm.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1629985
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-da586db907' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Have you used our RSS feeds?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    21
    radio
    [{"id":"77","title":"Yes, for articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"78","title":"Yes, for advisories","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"79","title":"Hybrid that contains both","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"80","title":"No","votes":"0","type":"x","order":"4","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.