[SECURITY] [DLA 1502-1] mgetty security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1502-1] mgetty security update
From: Abhijith PA <abhijith@disroot.org>
Date: Wed, 12 Sep 2018 12:01:55 +0530
Message-id: <[🔎] 6944ac8e-cd75-8f72-7c49-fb4899821980@disroot.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : mgetty
Version        : 1.1.36-2.1+deb8u1
CVE ID         : CVE-2018-16741


Two input sanitization failures have been found in the faxrunq and faxq
binaries in mgetty. An attacker could leverage them to insert commands
via shell metacharacters in jobs id and have them executed with the
privilege of the faxrunq/faxq user.

For Debian 8 "Jessie", this problem has been fixed in version
1.1.36-2.1+deb8u1.

We recommend that you upgrade your mgetty packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAluYstYACgkQhj1N8u2c
KO8zqg//RNrg6gNvvhXgQm9NtWE1MjuJBxvhp80Ss3YVHCE9yRF98nX3R22EJPpr
RzIHpSK7I80JGpZmrVtTR1ikxUiF3kIHQW7/ZWvKtaeG2P5CDOXi7pmw92nZNlgQ
nBxk4QbIS1rRyLVj6M8onk18M3YZ6WU+gdztVRyXjRFE0vJidWFEDdbGYYTzwxCI
MBPw1SknrbxC+kpNWZdQSQOyUVETUnex5nLM9KW7UQ4nV/wsxuQSiynLcIdhW78v
BOWxl5EMli27ihD+HK23GMfmIrcg1Ztd3Zh5xEfDVZhSjaJy7a9e4lClAGuZ8sQG
KnbnaWMevESUbr0DTrUuTE/u+N4Oi8buABgrAnkePALw7skPF816V947L7UkDuXi
c7eH9EDGhSW4fcZ82Nypbq9dG8fQSpWyuJn97IvgOa7O2+gvg2ne78srIjx8lyup
8EBalGQ87tUnGfyln72AanNp1t+Yg2Ap7QO5FqiN+of+FHmA9dduM2gMf9aehyPi
QnXX+9QkcA6cMlswExCUjLVJ7hWiuLZkrbDbaGaL+vcMiflbULneu2WMhxlXv5J+
PhbbW9HsIEcTSh8h43jYyEcWvLN3szcciC5H1qtmPmsi7rTYGPT5pO+EMIyxCf7T
PjT4iPEGHo+8YqSS5UEnAvwKDn+kPOCAKFS8JbTliOORhVo5cZY=
=1Rze
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1501-1] libextractor security update
Next by Date: [SECURITY] [DLA 1503-1] kamailio security update
Previous by thread: [SECURITY] [DLA 1501-1] libextractor security update
Next by thread: [SECURITY] [DLA 1503-1] kamailio security update
Index(es):
- Date
- Thread