A command injection flaw was discovered in mgetty in the faxrunq script used to send queued faxes. The shell script faxrunq does not properly escape the arguments passed to faxsend before evaluating the command allowing a user, who has permissions to queue faxes in the system, to execute arbitrary command with elevated privileges.
Allow only trusted users to run the faxq-helper binary, by correctly setting the /etc/mgetty+sendfax/fax.allow configuration file.