
SUSE: 2022:4253-1 Important: Busybox Security Issues and Fixes

November 28, 2022
SUSE Security Patch for busybox addresses several critical vulnerabilities. Update your software to enhance system protection.
An update that fixes 28 vulnerabilities is now available.

Summary

This update for busybox fixes the following issues:

- CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412).
- CVE-2015-9261: Fixed huft_build misusing a pointer, causing segfaults (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978).

References

#1029961 #1064976 #1064978 #1069412 #1099260 #1099263 #1102912 #1121426 #1121428 #1184522 #1191514 #1192869 #914660 #951562 #970662 #970663 #991940

Cross-References:
CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301
CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679
CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376
CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382
CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386

CVSS scores:

CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2014-9645 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N...


Severity: important

Announcement ID: SUSE-SU-2022:4253-1
Rating: important
