Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

SUSE 15 SP7 BusyBox Important HTTP Injection Fix 2026-0235-1

suse
Calendar Grey January 22, 2026
Dist Suse Esm H88
Update for busybox resolves critical vulnerabilities and improves system security. Install recommended patches now.
An update that solves two vulnerabilities and has two security fixes can now be installed.

Summary

## This update for busybox fixes the following issues: Security issues: * CVE-2025-46394: Fixed tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) * CVE-2025-60876: Fixed HTTP request header injection in wget (CVE-2025-60876, bsc#1253245) Other issues: * Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid confclict (bsc#1236670) * Fixed unshare -mrpf sh core dump on ppc64le (bsc#1249237) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-235=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * busybox-1.37.0-150700.18.10.1

References

* bsc#1236670

* bsc#1241661

* bsc#1249237

* bsc#1253245

Cross-

* CVE-2025-46394

* CVE-2025-60876

CVSS scores:

* CVE-2025-46394 ( SUSE ): 5.9

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N

* CVE-2025-46394 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

* CVE-2025-46394 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2025-46394 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

* CVE-2025-60876 ( SUSE ): 8.8

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:N

* CVE-2025-60876 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

* CVE-2025-60876 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP7

* SUSE Linux Enterprise Desktop 15 SP7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0235-1
Release Date: 2026-01-22T12:25:10Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here