Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 9 Dec 2013 16:04:14 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Low: busybox on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Low: busybox security and bug fix update Advisory ID: SLSA-2013:1732-2 Issue Date: 2013-11-21 CVE Numbers: CVE-2013-1813 -- It was found that the mdev BusyBox utility could create certain directories within /dev with world-writable permissions. A local unprivileged user could use this flaw to manipulate portions of the /dev directory tree. (CVE-2013-1813) This update also fixes the following bugs: * Previously, due to a too eager string size optimization on the IBM System z architecture, the "wc" BusyBox command failed after processing standard input with the following error: wc:: No such file or directory This bug was fixed by disabling the string size optimization and the "wc" command works properly on IBM System z architectures. * Prior to this update, the "mknod" command was unable to create device nodes with a major or minor number larger than 255. Consequently, the kdump utility failed to handle such a device. The underlying source code has been modified, and it is now possible to use the "mknod" command to create device nodes with a major or minor number larger than 255. * If a network installation from an NFS server was selected, the "mount" command used the UDP protocol by default. If only TCP mounts were supported by the server, this led to a failure of the mount command. As a result, Anaconda could not continue with the installation. This bug is now fixed and NFS mount operations default to the TCP protocol. -- SL6 x86_64 busybox-1.15.1-20.el6.x86_64.rpm busybox-petitboot-1.15.1-20.el6.x86_64.rpm i386 busybox-1.15.1-20.el6.i686.rpm busybox-petitboot-1.15.1-20.el6.i686.rpm - Scientific Linux Development Team