Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

openSUSE Leap 15.6: SUSE-SU-2025:03271-1: busybox Moderate Use-After-Free

opensuse
Calendar Grey September 18, 2025
Dist Opensuse Esm H88
A recent busybox update has fixed critical use-after-free security vulnerabilities in openSUSE systems. It's advised to apply the patch as directed for security.
An update that solves three vulnerabilities, contains three features and has seven security fixes can now be installed.

Description

This update for busybox, busybox-links fixes the following issues:

Updated to version 1.37.0 (jsc#PED-13039):

* CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in

xfuncs_printf.c (bsc#1217580)

* CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function

(bsc#1217584)

* CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function

(bsc#1217585)

Other fixes:

* fix generation of file lists via Dockerfile

* add copy of busybox.links from the container to catch changes to busybox

config

* Blacklist creating links for halt, reboot, shutdown commands to avoid

accidental use in a fully booted system (bsc#1243201)

* Add getfattr applet to attr filelist

* busybox-udhcpc conflicts with udhcp.

* Add new sub-package for udhcpc

* zgrep: don't set the label option as only the real grep supports it

(bsc#1215943)

* Add conflict for coreutils-systemd, package got splitted

* Check in filelists instead of...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate security fix busybox OpenSUSE use-after-free

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5

zypper in -t patch SUSE-2025-3271=1

* openSUSE Leap 15.6

zypper in -t patch openSUSE-SLE-15.6-2025-3271=1

* Basesystem Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3271=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3271=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3271=1

* SUSE Linux Enterprise Server 15 SP5 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3271=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3271=1

Package List

* openSUSE Leap 15.5 (noarch)

* busybox-tftp-1.37.0-150500.7.7.2

* busybox-syslogd-1.37.0-150500.7.7.2

* busybox-patch-1.37.0-150500.7.7.2

* busybox-policycoreutils-1.37.0-150500.7.7.2

* busybox-traceroute-1.37.0-150500.7.7.2

* busybox-attr-1.37.0-150500.7.7.2

* busybox-selinux-tools-1.37.0-150500.7.7.2

* busybox-cpio-1.37.0-150500.7.7.2

* busybox-less-1.37.0-150500.7.7.2

* busybox-sha3sum-1.37.0-150500.7.7.2

* busybox-util-linux-1.37.0-150500.7.7.2

* busybox-coreutils-1.37.0-150500.7.7.2

* busybox-iproute2-1.37.0-150500.7.7.2

* busybox-sed-1.37.0-150500.7.7.2

* busybox-man-1.37.0-150500.7.7.2

* busybox-tunctl-1.37.0-150500.7.7.2

* busybox-xz-1.37.0-150500.7.7.2

* busybox-links-1.37.0-150500.7.7.2

* busybox-vi-1.37.0-150500.7.7.2

* busybox-psmisc-1.37.0-150500.7.7.2

* busybox-sysvinit-tools-1.37.0-150500.7.7.2

* busybox-gzip-1.37.0-150500.7.7.2

* busybox-dos2unix-1.37.0-150500.7.7.2

* busybox-bind-utils-1.37.0-150500.7.7.2

* busybox-time-1.37.0-150500.7.7.2

* busybox-wget-1.37.0-150500.7.7.2

*...

Read the Full Advisory

References

* bsc#1203397

* bsc#1203399

* bsc#1206798

* bsc#1215943

* bsc#1217580

* bsc#1217584

* bsc#1217585

* bsc#1217883

* bsc#1239176

* bsc#1243201

* jsc#PED-13039

* jsc#SLE-24210

* jsc#SLE-24211

## References:

* https://www.suse.com/security/cve/CVE-2023-42363.html

* https://www.suse.com/security/cve/CVE-2023-42364.html

* https://www.suse.com/security/cve/CVE-2023-42365.html

* https://bugzilla.suse.com/show_bug.cgi?id=1203397

* https://bugzilla.suse.com/show_bug.cgi?id=1203399

* https://bugzilla.suse.com/show_bug.cgi?id=1206798

* https://bugzilla.suse.com/show_bug.cgi?id=1215943

* https://bugzilla.suse.com/show_bug.cgi?id=1217580

* https://bugzilla.suse.com/show_bug.cgi?id=1217584

* https://bugzilla.suse.com/show_bug.cgi?id=1217585

* https://bugzilla.suse.com/show_bug.cgi?id=1217883

* https://bugzilla.suse.com/show_bug.cgi?id=1239176

* https://bugzilla.suse.com/show_bug.cgi?id=1243201

* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-13039&page_caps=&user_role=

*...

Read the Full Advisory

Announcement ID: SUSE-SU-2025:03271-1
Release Date: 2025-09-18T13:34:17Z
Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6

Topics%20covered

Topics Covered

security advisory moderate security fix busybox OpenSUSE use-after-free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here