MGASA-2021-0310 - Updated busybox packages fix security vulnerability

Publication date: 04 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0310.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-28831

Updated busybox packages fix security vulnerability:

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on
the huft_build result pointer, with a resultant invalid free or segmentation
fault, via malformed gzip data (CVE-2021-28831).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28995
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831

SRPMS:
- 7/core/busybox-1.30.1-1.2.mga7
- 8/core/busybox-1.32.1-1.1.mga8