SUSE: 2022:4253-1 important: busybox | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

   SUSE Security Update: Security update for busybox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4253-1
Rating:             important
References:         #1029961 #1064976 #1064978 #1069412 #1099260 
                    #1099263 #1102912 #1121426 #1121428 #1184522 
                    #1191514 #1192869 #914660 #951562 #970662 
                    #970663 #991940 
Cross-References:   CVE-2011-5325 CVE-2014-9645 CVE-2015-9261
                    CVE-2016-2147 CVE-2016-2148 CVE-2016-6301
                    CVE-2017-15873 CVE-2017-15874 CVE-2017-16544
                    CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679
                    CVE-2019-5747 CVE-2021-28831 CVE-2021-42373
                    CVE-2021-42374 CVE-2021-42375 CVE-2021-42376
                    CVE-2021-42377 CVE-2021-42378 CVE-2021-42379
                    CVE-2021-42380 CVE-2021-42381 CVE-2021-42382
                    CVE-2021-42383 CVE-2021-42384 CVE-2021-42385
                    CVE-2021-42386
CVSS scores:
                    CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2014-9645 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2015-9261 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2016-2147 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2016-2148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2016-6301 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2017-15873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2017-15873 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2017-15874 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2017-15874 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2017-16544 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2017-16544 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-1000500 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-1000500 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-1000517 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
                    CVE-2018-20679 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2018-20679 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2019-5747 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2019-5747 (SUSE): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-28831 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28831 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-42373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-42373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-42374 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2021-42374 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
                    CVE-2021-42375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-42375 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-42376 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-42376 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-42377 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42377 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42378 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42378 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42379 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42379 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42380 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42380 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42381 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42381 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42382 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42382 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42383 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42383 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42384 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42384 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42385 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42385 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42386 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-42386 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes 28 vulnerabilities is now available.

Description:

   This update for busybox fixes the following issues:

   - CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660).
   - CVE-2017-16544: Fixed insufficient sanitization of filenames when
     autocompleting  (bsc#1069412).
   - CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults
     (bsc#1102912).
   - CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow
     in udhcpc (bsc#970663).
   - CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing
     (bsc#970662).
   - CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
   - CVE-2017-15873: Fixed integer overflow in  get_next_block function in
     archival/libarchive/decompress_bunzip2.c (bsc#1064976).
   - CVE-2017-15874: Fixed integer overflow in
     archival/libarchive/decompress_unlzma (bsc#1064978).
   - CVE-2019-5747: Fixed out of bounds read in udhcp components
     (bsc#1121428).
   - CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376,
     CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380,
     CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384,
     CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869).
   - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed
     gzip data (bsc#1184522).
   - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
   - CVE-2018-1000517: Fixed heap-based buffer overflow in the
     retrieve_file_data() (bsc#1099260).
   - CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
   - CVE-2018-1000500: Fixed missing SSL certificate validation in wget
     (bsc#1099263).

   - Update to 1.35.0
     - awk: fix printf %%, fix read beyond end of buffer
     - chrt: silence analyzer warning
     - libarchive: remove duplicate forward declaration
     - mount: "mount -o rw ...." should not fall back to RO mount
     - ps: fix -o pid=PID,args interpreting entire "PID,args" as header
     - tar: prevent malicious archives with long name sizes causing OOM
     - udhcpc6: fix udhcp_find_option to actually find DHCP6 options
     - xxd: fix -p -r
     - support for new optoins added to basename, cpio, date, find, mktemp,
       wget and others

   - Enable fdisk (jsc#CAR-16)

   - Update to 1.34.1:
     * build system: use SOURCE_DATE_EPOCH for timestamp if available
     * many bug fixes and new features
     * touch: make FEATURE_TOUCH_NODEREF unconditional

   - update to 1.33.1:
     * httpd: fix sendfile
     * ash: fix HISTFILE corruptio
     * ash: fix unset variable pattern expansion
     * traceroute: fix option parsing
     * gunzip: fix for archive corruption

   - Update to version 1.33.0
     - many bug fixes and new features

   - Update to version 1.32.1
     - fixes a case where in ash, "wait" never finishes.

   - prepare usrmerge (bsc#1029961)

   - Enable testsuite and package it for later rerun (for QA, jsc#CAR-15)

   - Update to version 1.31.1:
     + Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion fix),
       hush, dpkg-deb, telnet and wget.
   - Changes from version 1.31.0:
     + many bugfixes and new features.
   - Add busybox-no-stime.patch: stime() has been deprecated in glibc 2.31
     and replaced with clock_settime().

   - update to 1.25.1:
     * fixes for hush, gunzip, ip route, ntpd
   - includes changes from 1.25.0:
     * many added and expanded implementations of command options
   - includes changes from 1.24.2:
     * fixes for build system (static build with glibc fixed), truncate,
       gunzip and unzip.

   - Update to version 1.24.1
     * for a full list of changes see https://www.busybox.net/news.html
   - Refresh busybox.install.patch

   - Update to 1.23.2
     * for a full list of changes see https://www.busybox.net/news.html
   - Cleaned up spec file with spec-cleaner
   - Refreshed patches

   - update to 1.22.1: Many updates and fixes for most included tools, see
     see https://www.busybox.net/news.html


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4253=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4253=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4253=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4253=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4253=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4253=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4253=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      busybox-1.35.0-4.3.1

   - SUSE OpenStack Cloud 9 (x86_64):

      busybox-1.35.0-4.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      busybox-1.35.0-4.3.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      busybox-1.35.0-4.3.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      busybox-1.35.0-4.3.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      busybox-1.35.0-4.3.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      busybox-1.35.0-4.3.1


References:

   https://www.suse.com/security/cve/CVE-2011-5325.html
   https://www.suse.com/security/cve/CVE-2014-9645.html
   https://www.suse.com/security/cve/CVE-2015-9261.html
   https://www.suse.com/security/cve/CVE-2016-2147.html
   https://www.suse.com/security/cve/CVE-2016-2148.html
   https://www.suse.com/security/cve/CVE-2016-6301.html
   https://www.suse.com/security/cve/CVE-2017-15873.html
   https://www.suse.com/security/cve/CVE-2017-15874.html
   https://www.suse.com/security/cve/CVE-2017-16544.html
   https://www.suse.com/security/cve/CVE-2018-1000500.html
   https://www.suse.com/security/cve/CVE-2018-1000517.html
   https://www.suse.com/security/cve/CVE-2018-20679.html
   https://www.suse.com/security/cve/CVE-2019-5747.html
   https://www.suse.com/security/cve/CVE-2021-28831.html
   https://www.suse.com/security/cve/CVE-2021-42373.html
   https://www.suse.com/security/cve/CVE-2021-42374.html
   https://www.suse.com/security/cve/CVE-2021-42375.html
   https://www.suse.com/security/cve/CVE-2021-42376.html
   https://www.suse.com/security/cve/CVE-2021-42377.html
   https://www.suse.com/security/cve/CVE-2021-42378.html
   https://www.suse.com/security/cve/CVE-2021-42379.html
   https://www.suse.com/security/cve/CVE-2021-42380.html
   https://www.suse.com/security/cve/CVE-2021-42381.html
   https://www.suse.com/security/cve/CVE-2021-42382.html
   https://www.suse.com/security/cve/CVE-2021-42383.html
   https://www.suse.com/security/cve/CVE-2021-42384.html
   https://www.suse.com/security/cve/CVE-2021-42385.html
   https://www.suse.com/security/cve/CVE-2021-42386.html
   https://bugzilla.suse.com/1029961
   https://bugzilla.suse.com/1064976
   https://bugzilla.suse.com/1064978
   https://bugzilla.suse.com/1069412
   https://bugzilla.suse.com/1099260
   https://bugzilla.suse.com/1099263
   https://bugzilla.suse.com/1102912
   https://bugzilla.suse.com/1121426
   https://bugzilla.suse.com/1121428
   https://bugzilla.suse.com/1184522
   https://bugzilla.suse.com/1191514
   https://bugzilla.suse.com/1192869
   https://bugzilla.suse.com/914660
   https://bugzilla.suse.com/951562
   https://bugzilla.suse.com/970662
   https://bugzilla.suse.com/970663
   https://bugzilla.suse.com/991940

SUSE: 2022:4253-1 important: busybox

November 28, 2022
An update that fixes 28 vulnerabilities is now available

Summary

This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660). - CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412). - CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults (bsc#1102912). - CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663). - CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662). - CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940). - CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976). - CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978). - CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428). - CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869). - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2011-5325: Fixed tar directory traversal (bsc#951562). - CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263). - Update to 1.35.0 - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: "mount -o rw ...." should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire "PID,args" as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others - Enable fdisk (jsc#CAR-16) - Update to 1.34.1: * build system: use SOURCE_DATE_EPOCH for timestamp if available * many bug fixes and new features * touch: make FEATURE_TOUCH_NODEREF unconditional - update to 1.33.1: * httpd: fix sendfile * ash: fix HISTFILE corruptio * ash: fix unset variable pattern expansion * traceroute: fix option parsing * gunzip: fix for archive corruption - Update to version 1.33.0 - many bug fixes and new features - Update to version 1.32.1 - fixes a case where in ash, "wait" never finishes. - prepare usrmerge (bsc#1029961) - Enable testsuite and package it for later rerun (for QA, jsc#CAR-15) - Update to version 1.31.1: + Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion fix), hush, dpkg-deb, telnet and wget. - Changes from version 1.31.0: + many bugfixes and new features. - Add busybox-no-stime.patch: stime() has been deprecated in glibc 2.31 and replaced with clock_settime(). - update to 1.25.1: * fixes for hush, gunzip, ip route, ntpd - includes changes from 1.25.0: * many added and expanded implementations of command options - includes changes from 1.24.2: * fixes for build system (static build with glibc fixed), truncate, gunzip and unzip. - Update to version 1.24.1 * for a full list of changes see https://www.busybox.net/news.html - Refresh busybox.install.patch - Update to 1.23.2 * for a full list of changes see https://www.busybox.net/news.html - Cleaned up spec file with spec-cleaner - Refreshed patches - update to 1.22.1: Many updates and fixes for most included tools, see see https://www.busybox.net/news.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4253=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4253=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4253=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4253=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4253=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4253=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4253=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): busybox-1.35.0-4.3.1 - SUSE OpenStack Cloud 9 (x86_64): busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): busybox-1.35.0-4.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): busybox-1.35.0-4.3.1

References

#1029961 #1064976 #1064978 #1069412 #1099260

#1099263 #1102912 #1121426 #1121428 #1184522

#1191514 #1192869 #914660 #951562 #970662

#970663 #991940

Cross- CVE-2011-5325 CVE-2014-9645 CVE-2015-9261

CVE-2016-2147 CVE-2016-2148 CVE-2016-6301

CVE-2017-15873 CVE-2017-15874 CVE-2017-16544

CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679

CVE-2019-5747 CVE-2021-28831 CVE-2021-42373

CVE-2021-42374 CVE-2021-42375 CVE-2021-42376

CVE-2021-42377 CVE-2021-42378 CVE-2021-42379

CVE-2021-42380 CVE-2021-42381 CVE-2021-42382

CVE-2021-42383 CVE-2021-42384 CVE-2021-42385

CVE-2021-42386

CVSS scores:

CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2014-9645 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2015-9261 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2016-2147 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2016-2148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2016-6301 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2017-15873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2017-15873 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2017-15874 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2017-15874 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2017-16544 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2017-16544 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2018-1000500 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-1000500 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-1000517 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2018-20679 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2018-20679 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2019-5747 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2019-5747 (SUSE): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2021-28831 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-28831 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-42373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-42373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-42374 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

CVE-2021-42374 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

CVE-2021-42375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-42375 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2021-42376 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-42376 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2021-42377 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42377 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42378 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42378 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42379 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42379 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42380 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42380 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42381 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42381 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42382 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42382 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42383 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42383 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42384 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42384 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42385 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42385 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42386 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42386 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP 12-SP4

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

https://www.suse.com/security/cve/CVE-2011-5325.html

https://www.suse.com/security/cve/CVE-2014-9645.html

https://www.suse.com/security/cve/CVE-2015-9261.html

https://www.suse.com/security/cve/CVE-2016-2147.html

https://www.suse.com/security/cve/CVE-2016-2148.html

https://www.suse.com/security/cve/CVE-2016-6301.html

https://www.suse.com/security/cve/CVE-2017-15873.html

https://www.suse.com/security/cve/CVE-2017-15874.html

https://www.suse.com/security/cve/CVE-2017-16544.html

https://www.suse.com/security/cve/CVE-2018-1000500.html

https://www.suse.com/security/cve/CVE-2018-1000517.html

https://www.suse.com/security/cve/CVE-2018-20679.html

https://www.suse.com/security/cve/CVE-2019-5747.html

https://www.suse.com/security/cve/CVE-2021-28831.html

https://www.suse.com/security/cve/CVE-2021-42373.html

https://www.suse.com/security/cve/CVE-2021-42374.html

https://www.suse.com/security/cve/CVE-2021-42375.html

https://www.suse.com/security/cve/CVE-2021-42376.html

https://www.suse.com/security/cve/CVE-2021-42377.html

https://www.suse.com/security/cve/CVE-2021-42378.html

https://www.suse.com/security/cve/CVE-2021-42379.html

https://www.suse.com/security/cve/CVE-2021-42380.html

https://www.suse.com/security/cve/CVE-2021-42381.html

https://www.suse.com/security/cve/CVE-2021-42382.html

https://www.suse.com/security/cve/CVE-2021-42383.html

https://www.suse.com/security/cve/CVE-2021-42384.html

https://www.suse.com/security/cve/CVE-2021-42385.html

https://www.suse.com/security/cve/CVE-2021-42386.html

https://bugzilla.suse.com/1029961

https://bugzilla.suse.com/1064976

https://bugzilla.suse.com/1064978

https://bugzilla.suse.com/1069412

https://bugzilla.suse.com/1099260

https://bugzilla.suse.com/1099263

https://bugzilla.suse.com/1102912

https://bugzilla.suse.com/1121426

https://bugzilla.suse.com/1121428

https://bugzilla.suse.com/1184522

https://bugzilla.suse.com/1191514

https://bugzilla.suse.com/1192869

https://bugzilla.suse.com/914660

https://bugzilla.suse.com/951562

https://bugzilla.suse.com/970662

https://bugzilla.suse.com/970663

https://bugzilla.suse.com/991940

Severity
Announcement ID: SUSE-SU-2022:4253-1
Rating: important

News

Advisories

HOWTOs

Features

A Complete Guide to Security Automation & Reporting Using Open Source Tools
How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central
Linux Malware: The Truth About This Growing Threat [Updated]

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy