openSUSE: 2021:1408-1 important: busybox
Description
This update for busybox fixes the following issues: - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562). - CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263). This update was imported from the SUSE:SLE-15:Update update project.
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1408=1
Package List
- openSUSE Leap 15.2 (i586 x86_64): busybox-1.26.2-lp152.5.3.1 - openSUSE Leap 15.2 (x86_64): busybox-static-1.26.2-lp152.5.3.1
References
https://www.suse.com/security/cve/CVE-2011-5325.html https://www.suse.com/security/cve/CVE-2018-1000500.html https://www.suse.com/security/cve/CVE-2018-1000517.html https://www.suse.com/security/cve/CVE-2018-20679.html https://www.suse.com/security/cve/CVE-2021-28831.html https://bugzilla.suse.com/1099260 https://bugzilla.suse.com/1099263 https://bugzilla.suse.com/1121426 https://bugzilla.suse.com/1184522 https://bugzilla.suse.com/951562