Oval Definition:	oval:org.opensuse.security:def:56606
Revision Date: 2020-12-01 Version: 1 Title: Security update for mgetty (Important) Description: This update for mgetty fixes the following security issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752) - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756) - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757) - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762) - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761) Family: unix Class: patch Status: Reference(s): 1012568 1019251 1027575 1038564 1042892 1046191 1050751 1056336 1057086 1083903 1096745 1102682 1103203 1105323 1108752 1108756 1108757 1108761 1108762 1110924 1111007 1111011 1111014 1112188 1114423 1114988 1115040 1115047 1115750 1117756 1118277 1123157 1126140 1126141 1126192 1126195 1126196 1126201 1129623 1135902 1138034 1140402 1143794 1145092 983273 986359 988489 CVE-2014-0012 CVE-2015-8899 CVE-2016-3092 CVE-2016-5388 CVE-2016-5759 CVE-2016-9962 CVE-2017-13672 CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8890 CVE-2017-9242 CVE-2018-1000115 CVE-2018-10839 CVE-2018-10902 CVE-2018-12020 CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665 CVE-2018-19788 CVE-2018-19961 CVE-2018-19962 CVE-2018-19966 CVE-2018-19967 CVE-2018-4700 CVE-2018-5390 CVE-2019-10164 CVE-2019-10208 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-6778 CVE-2019-9824 SUSE-SU-2016:2188-1 SUSE-SU-2016:3269-1 SUSE-SU-2017:1964-1 SUSE-SU-2017:2073-1 SUSE-SU-2018:1103-1 SUSE-SU-2018:1698-1 SUSE-SU-2018:2979-1 SUSE-SU-2018:4089-1 SUSE-SU-2019:0019-1 SUSE-SU-2019:0825-1 SUSE-SU-2019:1783-1 SUSE-SU-2019:2157-1 SUSE-SU-2019:2158-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND dracut-044.1-lp150.13 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information curl-7.60.0-lp151.5.3 is installed OR curl-mini-7.60.0-lp151.5.3 is installed OR libcurl-devel-7.60.0-lp151.5.3 is installed OR libcurl-devel-32bit-7.60.0-lp151.5.3 is installed OR libcurl-mini-devel-7.60.0-lp151.5.3 is installed OR libcurl4-7.60.0-lp151.5.3 is installed OR libcurl4-32bit-7.60.0-lp151.5.3 is installed OR libcurl4-mini-7.60.0-lp151.5.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information g3utils-1.1.36-58.3 is installed OR mgetty-1.1.36-58.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information tomcat-8.0.32-8 is installed OR tomcat-admin-webapps-8.0.32-8 is installed OR tomcat-docs-webapp-8.0.32-8 is installed OR tomcat-el-3_0-api-8.0.32-8 is installed OR tomcat-javadoc-8.0.32-8 is installed OR tomcat-jsp-2_3-api-8.0.32-8 is installed OR tomcat-lib-8.0.32-8 is installed OR tomcat-servlet-3_1-api-8.0.32-8 is installed OR tomcat-webapps-8.0.32-8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_67-60_64_24-default-7-2 is installed OR kgraft-patch-3_12_67-60_64_24-xen-7-2 is installed OR kgraft-patch-SLE12-SP1_Update_11-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND kdump-0.8.15-28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information ntp-4.2.8p12-64.8 is installed OR ntp-doc-4.2.8p12-64.8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND ucode-intel-20180807-13.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information gpg2-2.0.24-9.3 is installed OR gpg2-lang-2.0.24-9.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information coreutils-8.25-12 is installed OR coreutils-lang-8.25-12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.2-2.53 is installed OR libwebkit2gtk-4_0-37-2.28.2-2.53 is installed OR typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53 is installed OR typelib-1_0-WebKit2-4_0-2.28.2-2.53 is installed OR webkit2gtk-4_0-injected-bundles-2.28.2-2.53 is installed OR webkit2gtk3-2.28.2-2.53 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_176-94_88-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_24-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND apache2-mod_perl-2.0.8-11 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND python-Jinja2-2.7.3-15 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information gpg2-2.0.24-9.3 is installed OR gpg2-lang-2.0.24-9.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.8 is installed OR rubygem-rails-html-sanitizer-1.0.3-8.8 is installed
BACK