
SUSE: 2022:0135-1 Critical: Busybox DoS And Buffer Overflow Issues

January 20, 2022
This busybox update addresses 27 vulnerabilities affecting various SUSE Linux versions.
An update that fixes 27 vulnerabilities is now available.

Summary

This update for busybox fixes the following issues:

- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2015-9261: Fixed segfaults and application crashes in huft_build (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer underflow in archival/libarchive/decompress_unlzma.c (bsc#1064978).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412).

References

#1064976 #1064978 #1069412 #1099260 #1099263 #1102912 #1121426 #1121428 #1184522 #1192869 #951562 #970662 #970663 #991940

Cross-References:

CVE-2011-5325 CVE-2015-9261 CVE-2016-2147
CVE-2016-2148 CVE-2016-6301 CVE-2017-15873
CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500
CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747
CVE-2021-28831 CVE-2021-42373 CVE-2021-42374
CVE-2021-42375 CVE-2021-42376 CVE-2021-42377
CVE-2021-42378 CVE-2021-42379 CVE-2021-42380
CVE-2021-42381 CVE-2021-42382 CVE-2021-42383
CVE-2021-42384 CVE-2021-42385 CVE-2021-42386

CVSS scores:

CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2015-9261 (SUSE): 5.5 CVSS:3...


Severity: critical

Announcement ID: SUSE-SU-2022:0135-1
Rating: important
