Package "busybox"
Name: |
busybox
|
Description: |
Tiny utilities for small and embedded systems
|
Latest version: |
1:1.27.2-2ubuntu3.3 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
http://www.busybox.net |
Links
Download "busybox"
Other versions of "busybox" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
busybox (1:1.27.2-2ubuntu3.3) bionic-security; urgency=medium
* SECURITY UPDATE: missing ssl cert validation in wget applet
- debian/patches/CVE-2018-1000500-pre1.patch: emit a message that
certificate verification is not implemented in networking/wget.c.
- debian/patches/CVE-2018-1000500-pre2.patch: print warning only once
in networking/wget.c.
- debian/patches/CVE-2018-1000500-1.patch: implement TLS verification
with ENABLE_FEATURE_WGET_OPENSSL in networking/wget.c.
- debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
verification in networking/wget.c.
- CVE-2018-1000500
-- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 10:26:16 -0400
|
Source diff to previous version |
CVE-2018-1000500 |
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This at |
|
busybox (1:1.27.2-2ubuntu3.2) bionic-security; urgency=medium
* SECURITY UPDATE: buffer overflow in wget
- debian/patches/CVE-2018-1000517.patch: check chunk length in
networking/wget.c.
- CVE-2018-1000517
* SECURITY UPDATE: out-of-bounds read in udhcp
- debian/patches/CVE-2018-20679.patch: check that 4-byte options are
indeed 4-byte in networking/udhcp/common.*,
networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
- CVE-2018-20679
* SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
- debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
it is 4 bytes long in networking/udhcp/common.*,
networking/udhcp/dhcpc.c.
- CVE-2019-5747
-- Marc Deslauriers <email address hidden> Wed, 06 Mar 2019 15:51:41 -0500
|
Source diff to previous version |
CVE-2018-1000517 |
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wge |
CVE-2018-20679 |
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a |
CVE-2019-5747 |
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) migh |
|
busybox (1:1.27.2-2ubuntu3.1) bionic; urgency=medium
* Fix symlink handling (LP: #1753572)
- debian/patches/CVE-2011-5325-2.patch: re-enable patch.
- debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks
with "suspicious" targets in archival/libarchive/data_extract_all.c,
archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
include/bb_archive.h, testsuite/tar.tests.
- debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
the same way tar/unzip does in archival/cpio.c.
- debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
archival/libarchive/get_header_ar.c.
-- Marc Deslauriers <email address hidden> Thu, 17 Jan 2019 13:16:38 -0500
|
1753572 |
cpio in Busybox 1.27 ingnores \ |
CVE-2011-5325 |
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current |
|
About
-
Send Feedback to @ubuntu_updates