
SUSE: 2022:0135-2 Important: Busybox DoS And Buffer Overflow Security Fix

February 14, 2022
Essential SUSE Security Patch for busybox resolves 27 vulnerabilities, encompassing DoS and buffer overflow threats.
An update that fixes 27 vulnerabilities is now available.

Summary

This update for busybox fixes the following issues:

- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2015-9261: Fixed segfaults and application crashes in huft_build (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer underflow in archival/libarchive/decompress_unlzma.c (bsc#1064978).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412).

References

#1064976 #1064978 #1069412 #1099260 #1099263
#1102912 #1121426 #1121428 #1184522 #1192869
#951562 #970662 #970663 #991940

Cross-References:
CVE-2011-5325 CVE-2015-9261 CVE-2016-2147
CVE-2016-2148 CVE-2016-6301 CVE-2017-15873
CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500
CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747
CVE-2021-28831 CVE-2021-42373 CVE-2021-42374
CVE-2021-42375 CVE-2021-42376 CVE-2021-42377
CVE-2021-42378 CVE-2021-42379 CVE-2021-42380
CVE-2021-42381 CVE-2021-42382 CVE-2021-42383
CVE-2021-42384 CVE-2021-42385 CVE-2021-42386

CVSS scores:

CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2015-9261 (SUSE): 5.5 CVSS:3...


Severity: important

Announcement ID: SUSE-SU-2022:0135-2
Rating: important
