Package "busybox"

Name: busybox


Tiny utilities for small and embedded systems

Latest version: 1:1.27.2-2ubuntu3.3
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://www.busybox.net


Download "busybox"

Other versions of "busybox" in Bionic

Repository Area Version
base universe 1:1.27.2-2ubuntu3
base main 1:1.27.2-2ubuntu3
security main 1:1.27.2-2ubuntu3.3
updates main 1:1.27.2-2ubuntu3.3
updates universe 1:1.27.2-2ubuntu3.3

Packages in group

Deleted packages are displayed in grey.


Version: 1:1.27.2-2ubuntu3.3 2020-09-22 15:06:16 UTC

  busybox (1:1.27.2-2ubuntu3.3) bionic-security; urgency=medium

  * SECURITY UPDATE: missing ssl cert validation in wget applet
    - debian/patches/CVE-2018-1000500-pre1.patch: emit a message that
      certificate verification is not implemented in networking/wget.c.
    - debian/patches/CVE-2018-1000500-pre2.patch: print warning only once
      in networking/wget.c.
    - debian/patches/CVE-2018-1000500-1.patch: implement TLS verification
      with ENABLE_FEATURE_WGET_OPENSSL in networking/wget.c.
    - debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
      verification in networking/wget.c.
    - CVE-2018-1000500

 -- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 10:26:16 -0400

Source diff to previous version
CVE-2018-1000500 Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This at

Version: 1:1.27.2-2ubuntu3.2 2019-04-03 13:06:41 UTC

  busybox (1:1.27.2-2ubuntu3.2) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in wget
    - debian/patches/CVE-2018-1000517.patch: check chunk length in
    - CVE-2018-1000517
  * SECURITY UPDATE: out-of-bounds read in udhcp
    - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
      indeed 4-byte in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
    - CVE-2018-20679
  * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
    - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
      it is 4 bytes long in networking/udhcp/common.*,
    - CVE-2019-5747

 -- Marc Deslauriers <email address hidden> Wed, 06 Mar 2019 15:51:41 -0500

CVE-2018-1000517 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wge
CVE-2018-20679 An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a
CVE-2019-5747 An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) migh

About   -   Send Feedback to @ubuntu_updates