Mageia 2021-0310: busybox security update
Summary
Updated busybox packages fix security vulnerability:
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on
the huft_build result pointer, with a resultant invalid free or segmentation
fault, via malformed gzip data (CVE-2021-28831).
References
- https://bugs.mageia.org/show_bug.cgi?id=28995
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
Resolution
MGASA-2021-0310 - Updated busybox packages fix security vulnerability
SRPMS
- 7/core/busybox-1.30.1-1.2.mga7
- 8/core/busybox-1.32.1-1.1.mga8