An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_name": "mgetty", "binary_version": "1.2.1-1" }, { "binary_name": "mgetty-docs", "binary_version": "1.2.1-1" }, { "binary_name": "mgetty-fax", "binary_version": "1.2.1-1" }, { "binary_name": "mgetty-fax-dbgsym", "binary_version": "1.2.1-1" }, { "binary_name": "mgetty-pvftools", "binary_version": "1.2.1-1" }, { "binary_name": "mgetty-pvftools-dbgsym", "binary_version": "1.2.1-1" }, { "binary_name": "mgetty-viewfax", "binary_version": "1.2.1-1" }, { "binary_name": "mgetty-voice", "binary_version": "1.2.1-1" }, { "binary_name": "mgetty-voice-dbgsym", "binary_version": "1.2.1-1" } ] }