
openSUSE Leap 15.6 Busybox Moderate Use-After-Free Fix SUSE-SU-2025:03271-2

September 23, 2025
An update that solves three vulnerabilities, contains three features and has seven security fixes can now be installed.

Description

This update for busybox, busybox-links fixes the following issues:

Updated to version 1.37.0 (jsc#PED-13039):

* CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580)

* CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584)

* CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585)

Other fixes:

* fix generation of file lists via Dockerfile

* add copy of busybox.links from the container to catch changes to busybox config

* Blacklist creating links for halt, reboot, shutdown commands to avoid accidental use in a fully booted system (bsc#1243201)

* Add getfattr applet to attr filelist

* busybox-udhcpc conflicts with udhcp.

* Add new sub-package for udhcpc

* zgrep: don't set the label option as only the real grep supports it (bsc#1215943)

* Add conflict for coreutils-systemd, package was split

* Check in filelists instead of...


Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch openSUSE-SLE-15.6-2025-3271=1
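
To confirm the patch landed, this added example (not part of the SUSE advisory) compares installed busybox packages with the fixed builds in the package list. The function names and sample input are constructed here; it assumes purely numeric version fields and that every other busybox-* sub-package uses the noarch build shown, since the advisory's list is truncated.

```shell
#!/bin/sh
# Added example: compare installed busybox packages with this advisory's fixed builds.
# Input: "name version-release" lines, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'busybox*'

FIXED_ARCH="1.37.0-150500.10.11.1"   # busybox, busybox-static, busybox-testsuite
FIXED_NOARCH="1.37.0-150500.7.7.2"   # noarch sub-packages such as busybox-links

# Map a package name to its fixed build. Assumption: every other busybox-*
# sub-package ships the noarch build (the advisory's list is truncated).
fixed_for() {
    case "$1" in
        busybox|busybox-static|busybox-testsuite) echo "$FIXED_ARCH" ;;
        busybox-*) echo "$FIXED_NOARCH" ;;
        *) return 1 ;;
    esac
}

# ver_lt A B: succeed if A is older than B. Simplified stand-in for rpm's
# comparison: fields split on '.' and '-' and compared as integers.
ver_lt() {
    i=1
    while :; do
        x=$(printf '%s\n' "$1" | sed 's/-/./g' | cut -d. -f"$i")
        y=$(printf '%s\n' "$2" | sed 's/-/./g' | cut -d. -f"$i")
        [ -z "$x" ] && [ -z "$y" ] && return 1   # all fields equal
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
}

# Read package lines on stdin; return 1 if any is older than its fixed build.
check_busybox() {
    rc=0
    while read -r name vr; do
        fixed=$(fixed_for "$name") || continue   # not part of this update
        if ver_lt "$vr" "$fixed"; then
            echo "VULNERABLE $name $vr (fixed in $fixed)"; rc=1
        else
            echo "OK $name $vr"
        fi
    done
    return "$rc"
}

# Constructed sample input (not real rpm output from any host).
SAMPLE='busybox 1.37.0-150500.10.9.1
busybox-links 1.37.0-150500.7.7.2
coreutils 9.4-1.1'
printf '%s\n' "$SAMPLE" | check_busybox || true
```

On a Leap 15.6 host, pipe the rpm query from the header comment into check_busybox; a non-zero exit status means at least one package predates its fixed build.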

Package List

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)

* busybox-testsuite-1.37.0-150500.10.11.1

* busybox-static-1.37.0-150500.10.11.1

* busybox-1.37.0-150500.10.11.1

* openSUSE Leap 15.6 (noarch)

* busybox-bc-1.37.0-150500.7.7.2

* busybox-iproute2-1.37.0-150500.7.7.2

* busybox-time-1.37.0-150500.7.7.2

* busybox-sendmail-1.37.0-150500.7.7.2

* busybox-diffutils-1.37.0-150500.7.7.2

* busybox-kmod-1.37.0-150500.7.7.2

* busybox-netcat-1.37.0-150500.7.7.2

* busybox-gawk-1.37.0-150500.7.7.2

* busybox-bind-utils-1.37.0-150500.7.7.2

* busybox-patch-1.37.0-150500.7.7.2

* busybox-ncurses-utils-1.37.0-150500.7.7.2

* busybox-sharutils-1.37.0-150500.7.7.2

* busybox-syslogd-1.37.0-150500.7.7.2

* busybox-tunctl-1.37.0-150500.7.7.2

* busybox-hexedit-1.37.0-150500.7.7.2

* busybox-adduser-1.37.0-150500.7.7.2

* busybox-vlan-1.37.0-150500.7.7.2

* busybox-iputils-1.37.0-150500.7.7.2

* busybox-sysvinit-tools-1.37.0-150500.7.7.2

* busybox-links-1.37.0-150500.7.7.2

* busybox-selinux-tools-1.37.0-150500.7.7.2

*...


References

* bsc#1203397

* bsc#1203399

* bsc#1206798

* bsc#1215943

* bsc#1217580

* bsc#1217584

* bsc#1217585

* bsc#1217883

* bsc#1239176

* bsc#1243201

* jsc#PED-13039

* jsc#SLE-24210

* jsc#SLE-24211

## References:

* https://www.suse.com/security/cve/CVE-2023-42363.html

* https://www.suse.com/security/cve/CVE-2023-42364.html

* https://www.suse.com/security/cve/CVE-2023-42365.html

* https://bugzilla.suse.com/show_bug.cgi?id=1203397

* https://bugzilla.suse.com/show_bug.cgi?id=1203399

* https://bugzilla.suse.com/show_bug.cgi?id=1206798

* https://bugzilla.suse.com/show_bug.cgi?id=1215943

* https://bugzilla.suse.com/show_bug.cgi?id=1217580

* https://bugzilla.suse.com/show_bug.cgi?id=1217584

* https://bugzilla.suse.com/show_bug.cgi?id=1217585

* https://bugzilla.suse.com/show_bug.cgi?id=1217883

* https://bugzilla.suse.com/show_bug.cgi?id=1239176

* https://bugzilla.suse.com/show_bug.cgi?id=1243201

* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-13039&page_caps=&user_role=

*...


Announcement ID: SUSE-SU-2025:03271-2
Release Date: 2025-09-23T14:03:31Z
Affected Products: openSUSE Leap 15.6
