What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for mgetty
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2894-1
Rating:             important
References:         #1108752 #1108756 #1108757 #1108761 #1108762 
                    
Cross-References:   CVE-2018-16741 CVE-2018-16742 CVE-2018-16743
                    CVE-2018-16744 CVE-2018-16745
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for mgetty fixes the following issues:

   - CVE-2018-16741: The function do_activate() did not properly sanitize
     shell metacharacters to prevent command injection (bsc#1108752).
   - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a
     buffer
     overflow if long untrusted input reached it (bsc#1108756).
   - CVE-2018-16744: The mail_to parameter was not sanitized, leading to
     command injection if untrusted input reached reach it (bsc#1108757).
   - CVE-2018-16742: Prevent stack-based buffer overflow that could have been
     triggered via a command-line parameter (bsc#1108762).
   - CVE-2018-16743: The command-line parameter username wsa passed
     unsanitized to strcpy(), which could have caused a stack-based buffer
     overflow (bsc#1108761).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2054=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      g3utils-1.1.37-3.3.2
      g3utils-debuginfo-1.1.37-3.3.2
      mgetty-1.1.37-3.3.2
      mgetty-debuginfo-1.1.37-3.3.2
      mgetty-debugsource-1.1.37-3.3.2


References:

   https://www.suse.com/security/cve/CVE-2018-16741.html
   https://www.suse.com/security/cve/CVE-2018-16742.html
   https://www.suse.com/security/cve/CVE-2018-16743.html
   https://www.suse.com/security/cve/CVE-2018-16744.html
   https://www.suse.com/security/cve/CVE-2018-16745.html
   https://bugzilla.suse.com/1108752
   https://bugzilla.suse.com/1108756
   https://bugzilla.suse.com/1108757
   https://bugzilla.suse.com/1108761
   https://bugzilla.suse.com/1108762

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2018:2894-1 important: mgetty

September 27, 2018
An update that fixes 5 vulnerabilities is now available

Summary

This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752). - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756). - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757). - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762). - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2054=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): g3utils-1.1.37-3.3.2 g3utils-debuginfo-1.1.37-3.3.2 mgetty-1.1.37-3.3.2 mgetty-debuginfo-1.1.37-3.3.2 mgetty-debugsource-1.1.37-3.3.2

References

#1108752 #1108756 #1108757 #1108761 #1108762

Cross- CVE-2018-16741 CVE-2018-16742 CVE-2018-16743

CVE-2018-16744 CVE-2018-16745

Affected Products:

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-16741.html

https://www.suse.com/security/cve/CVE-2018-16742.html

https://www.suse.com/security/cve/CVE-2018-16743.html

https://www.suse.com/security/cve/CVE-2018-16744.html

https://www.suse.com/security/cve/CVE-2018-16745.html

https://bugzilla.suse.com/1108752

https://bugzilla.suse.com/1108756

https://bugzilla.suse.com/1108757

https://bugzilla.suse.com/1108761

https://bugzilla.suse.com/1108762

Severity
Announcement ID: SUSE-SU-2018:2894-1
Rating: important

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo