--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2021-5a95823596
2021-11-25 01:04:40.275961
--------------------------------------------------------------------------------Name        : busybox
Product     : Fedora 33
Version     : 1.34.1
Release     : 1.fc33
URL         : https://busybox.net/
Summary     : Statically linked binary providing simplified versions of system commands
Description :
Busybox is a single binary which includes versions of a large number
of system commands, including a shell.  This package can be very
useful for recovering from certain types of system failures,
particularly those involving broken shared libraries.

--------------------------------------------------------------------------------Update Information:

Update to 1.34.1. Resolves CVE-2021-42373 CVE-2021-42374 CVE-2021-42375
CVE-2021-42376 CVE-2021-42377  CVE-2021-42378 CVE-2021-42379 CVE-2021-42380
CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385
CVE-2021-42386   (Fedora 35+ already have 1.34.1)
--------------------------------------------------------------------------------ChangeLog:

* Thu Sep 30 2021 Tom Callaway  - 1:1.34.1-1
- update to 1.34.1
* Thu Aug 19 2021 Tom Callaway  - 1:1.34.0-1
- update to 1.34.0
* Wed Jul 21 2021 Fedora Release Engineering  - 1:1.33.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu May  6 2021 Tom Callaway  - 1:1.33.1-1
- update to 1.33.1
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #2023876 - CVE-2021-42373 busybox: NULL pointer dereference in man applet leads to denial of service when a section name is supplied but no page argument is given
        https://bugzilla.redhat.com/show_bug.cgi?id=2023876
  [ 2 ] Bug #2023881 - CVE-2021-42374 busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed
        https://bugzilla.redhat.com/show_bug.cgi?id=2023881
  [ 3 ] Bug #2023888 - CVE-2021-42375 busybox: incorrect handling of a special element in ash applet leads to denial of service when processing a crafted shell command
        https://bugzilla.redhat.com/show_bug.cgi?id=2023888
  [ 4 ] Bug #2023891 - CVE-2021-42376 busybox: NULL pointer dereference in hush applet leads to denial of service when processing a crafted shell command
        https://bugzilla.redhat.com/show_bug.cgi?id=2023891
  [ 5 ] Bug #2023895 - CVE-2021-42377 busybox: an attacker-controlled pointer free in hush applet leads to denial of service and possible code execution when processing a crafted shell command
        https://bugzilla.redhat.com/show_bug.cgi?id=2023895
  [ 6 ] Bug #2023900 - CVE-2021-42378 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i()
        https://bugzilla.redhat.com/show_bug.cgi?id=2023900
  [ 7 ] Bug #2023904 - CVE-2021-42379 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file()
        https://bugzilla.redhat.com/show_bug.cgi?id=2023904
  [ 8 ] Bug #2023912 - CVE-2021-42380 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar()
        https://bugzilla.redhat.com/show_bug.cgi?id=2023912
  [ 9 ] Bug #2023927 - CVE-2021-42381 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init()
        https://bugzilla.redhat.com/show_bug.cgi?id=2023927
  [ 10 ] Bug #2023929 - CVE-2021-42382 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s()
        https://bugzilla.redhat.com/show_bug.cgi?id=2023929
  [ 11 ] Bug #2023931 - CVE-2021-42383 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()
        https://bugzilla.redhat.com/show_bug.cgi?id=2023931
  [ 12 ] Bug #2023933 - CVE-2021-42384 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special()
        https://bugzilla.redhat.com/show_bug.cgi?id=2023933
  [ 13 ] Bug #2023936 - CVE-2021-42385 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()
        https://bugzilla.redhat.com/show_bug.cgi?id=2023936
  [ 14 ] Bug #2023938 - CVE-2021-42386 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc()
        https://bugzilla.redhat.com/show_bug.cgi?id=2023938
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-5a95823596' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 33: busybox 2021-5a95823596

November 24, 2021
Update to 1.34.1

Summary

Busybox is a single binary which includes versions of a large number

of system commands, including a shell. This package can be very

useful for recovering from certain types of system failures,

particularly those involving broken shared libraries.

Update to 1.34.1. Resolves CVE-2021-42373 CVE-2021-42374 CVE-2021-42375

CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380

CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385

CVE-2021-42386 (Fedora 35+ already have 1.34.1)

* Thu Sep 30 2021 Tom Callaway - 1:1.34.1-1

- update to 1.34.1

* Thu Aug 19 2021 Tom Callaway - 1:1.34.0-1

- update to 1.34.0

* Wed Jul 21 2021 Fedora Release Engineering - 1:1.33.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Thu May 6 2021 Tom Callaway - 1:1.33.1-1

- update to 1.33.1

[ 1 ] Bug #2023876 - CVE-2021-42373 busybox: NULL pointer dereference in man applet leads to denial of service when a section name is supplied but no page argument is given

https://bugzilla.redhat.com/show_bug.cgi?id=2023876

[ 2 ] Bug #2023881 - CVE-2021-42374 busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed

https://bugzilla.redhat.com/show_bug.cgi?id=2023881

[ 3 ] Bug #2023888 - CVE-2021-42375 busybox: incorrect handling of a special element in ash applet leads to denial of service when processing a crafted shell command

https://bugzilla.redhat.com/show_bug.cgi?id=2023888

[ 4 ] Bug #2023891 - CVE-2021-42376 busybox: NULL pointer dereference in hush applet leads to denial of service when processing a crafted shell command

https://bugzilla.redhat.com/show_bug.cgi?id=2023891

[ 5 ] Bug #2023895 - CVE-2021-42377 busybox: an attacker-controlled pointer free in hush applet leads to denial of service and possible code execution when processing a crafted shell command

https://bugzilla.redhat.com/show_bug.cgi?id=2023895

[ 6 ] Bug #2023900 - CVE-2021-42378 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i()

https://bugzilla.redhat.com/show_bug.cgi?id=2023900

[ 7 ] Bug #2023904 - CVE-2021-42379 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file()

https://bugzilla.redhat.com/show_bug.cgi?id=2023904

[ 8 ] Bug #2023912 - CVE-2021-42380 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar()

https://bugzilla.redhat.com/show_bug.cgi?id=2023912

[ 9 ] Bug #2023927 - CVE-2021-42381 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init()

https://bugzilla.redhat.com/show_bug.cgi?id=2023927

[ 10 ] Bug #2023929 - CVE-2021-42382 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s()

https://bugzilla.redhat.com/show_bug.cgi?id=2023929

[ 11 ] Bug #2023931 - CVE-2021-42383 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

https://bugzilla.redhat.com/show_bug.cgi?id=2023931

[ 12 ] Bug #2023933 - CVE-2021-42384 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special()

https://bugzilla.redhat.com/show_bug.cgi?id=2023933

[ 13 ] Bug #2023936 - CVE-2021-42385 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

https://bugzilla.redhat.com/show_bug.cgi?id=2023936

[ 14 ] Bug #2023938 - CVE-2021-42386 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc()

https://bugzilla.redhat.com/show_bug.cgi?id=2023938

su -c 'dnf upgrade --advisory FEDORA-2021-5a95823596' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

FEDORA-2021-5a95823596 2021-11-25 01:04:40.275961 Product : Fedora 33 Version : 1.34.1 Release : 1.fc33 URL : https://busybox.net/ Summary : Statically linked binary providing simplified versions of system commands Description : Busybox is a single binary which includes versions of a large number of system commands, including a shell. This package can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. Update to 1.34.1. Resolves CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 (Fedora 35+ already have 1.34.1) * Thu Sep 30 2021 Tom Callaway - 1:1.34.1-1 - update to 1.34.1 * Thu Aug 19 2021 Tom Callaway - 1:1.34.0-1 - update to 1.34.0 * Wed Jul 21 2021 Fedora Release Engineering - 1:1.33.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Thu May 6 2021 Tom Callaway - 1:1.33.1-1 - update to 1.33.1 [ 1 ] Bug #2023876 - CVE-2021-42373 busybox: NULL pointer dereference in man applet leads to denial of service when a section name is supplied but no page argument is given https://bugzilla.redhat.com/show_bug.cgi?id=2023876 [ 2 ] Bug #2023881 - CVE-2021-42374 busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed https://bugzilla.redhat.com/show_bug.cgi?id=2023881 [ 3 ] Bug #2023888 - CVE-2021-42375 busybox: incorrect handling of a special element in ash applet leads to denial of service when processing a crafted shell command https://bugzilla.redhat.com/show_bug.cgi?id=2023888 [ 4 ] Bug #2023891 - CVE-2021-42376 busybox: NULL pointer dereference in hush applet leads to denial of service when processing a crafted shell command https://bugzilla.redhat.com/show_bug.cgi?id=2023891 [ 5 ] Bug #2023895 - CVE-2021-42377 busybox: an attacker-controlled pointer free in hush applet leads to denial of service and possible code execution when processing a crafted shell command https://bugzilla.redhat.com/show_bug.cgi?id=2023895 [ 6 ] Bug #2023900 - CVE-2021-42378 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i() https://bugzilla.redhat.com/show_bug.cgi?id=2023900 [ 7 ] Bug #2023904 - CVE-2021-42379 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file() https://bugzilla.redhat.com/show_bug.cgi?id=2023904 [ 8 ] Bug #2023912 - CVE-2021-42380 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar() https://bugzilla.redhat.com/show_bug.cgi?id=2023912 [ 9 ] Bug #2023927 - CVE-2021-42381 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init() https://bugzilla.redhat.com/show_bug.cgi?id=2023927 [ 10 ] Bug #2023929 - CVE-2021-42382 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s() https://bugzilla.redhat.com/show_bug.cgi?id=2023929 [ 11 ] Bug #2023931 - CVE-2021-42383 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate() https://bugzilla.redhat.com/show_bug.cgi?id=2023931 [ 12 ] Bug #2023933 - CVE-2021-42384 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special() https://bugzilla.redhat.com/show_bug.cgi?id=2023933 [ 13 ] Bug #2023936 - CVE-2021-42385 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate() https://bugzilla.redhat.com/show_bug.cgi?id=2023936 [ 14 ] Bug #2023938 - CVE-2021-42386 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc() https://bugzilla.redhat.com/show_bug.cgi?id=2023938 su -c 'dnf upgrade --advisory FEDORA-2021-5a95823596' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Change Log

References

Update Instructions

Severity
Product : Fedora 33
Version : 1.34.1
Release : 1.fc33
URL : https://busybox.net/
Summary : Statically linked binary providing simplified versions of system commands

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved