
SUSE: 2022:3959-1 Important: 27 Issues Fixed In Busybox Security Update

November 11, 2022
SUSE security update for busybox addresses 27 issues, critical for system integrity and performance.
An update that fixes 27 vulnerabilities is now available.

Summary

This update for busybox fixes the following issues:

- Enable switch_root
  With this change virtme --force-initramfs works as expected.
- Enable udhcpc

busybox was updated to 1.35.0

- Adjust busybox.config for new features in find, date and cpio
- Annotate CVEs already fixed in upstream, but not mentioned in .changes yet:
  * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
  * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
  * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
  * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
  * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
  * CVE-2017-15873 (bsc#1064976): The get_next_block function in

References

#1064976 #1064978 #1069412 #1099260 #1099263
#1102912 #1121426 #1121428 #1184522 #1192869
#951562 #970662 #970663 #991940

Cross-References:

CVE-2011-5325 CVE-2015-9261 CVE-2016-2147
CVE-2016-2148 CVE-2016-6301 CVE-2017-15873
CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500
CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747
CVE-2021-28831 CVE-2021-42373 CVE-2021-42374
CVE-2021-42375 CVE-2021-42376 CVE-2021-42377
CVE-2021-42378 CVE-2021-42379 CVE-2021-42380
CVE-2021-42381 CVE-2021-42382 CVE-2021-42383
CVE-2021-42384 CVE-2021-42385 CVE-2021-42386

CVSS scores:

CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2015-9261 (SUSE): 5.5 CVSS:3...


Severity
important

Announcement ID: SUSE-SU-2022:3959-1
Rating: important
