Several security issues were fixed in BusyBox.
Software Description:
- busybox: Tiny utilities for small and embedded systems
Details:
Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar
archives. If a user or automated system were tricked into processing a
specially crafted tar archive, a remote attacker could overwrite arbitrary
files outside of the current directory. This issue only affected Ubuntu
14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)
Mathias Krause discovered that BusyBox incorrectly handled kernel module
loading restrictions. A local attacker could possibly use this issue to
bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-9645)
It was discovered that BusyBox incorrectly handled certain ZIP archives. If
a user or automated system were tricked into processing a specially crafted
ZIP archive, a remote attacker could cause BusyBox to crash, leading to a
denial of service. This issue on...
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: busybox 1:1.27.2-2ubuntu4.1 busybox-initramfs 1:1.27.2-2ubuntu4.1 busybox-static 1:1.27.2-2ubuntu4.1 udhcpc 1:1.27.2-2ubuntu4.1 udhcpd 1:1.27.2-2ubuntu4.1 Ubuntu 18.04 LTS: busybox 1:1.27.2-2ubuntu3.2 busybox-initramfs 1:1.27.2-2ubuntu3.2 busybox-static 1:1.27.2-2ubuntu3.2 udhcpc 1:1.27.2-2ubuntu3.2 udhcpd 1:1.27.2-2ubuntu3.2 Ubuntu 16.04 LTS: busybox 1:1.22.0-15ubuntu1.4 busybox-initramfs 1:1.22.0-15ubuntu1.4 busybox-static 1:1.22.0-15ubuntu1.4 udhcpc 1:1.22.0-15ubuntu1.4 udhcpd 1:1.22.0-15ubuntu1.4 Ubuntu 14.04 LTS: busybox 1:1.21.0-1ubuntu1.4 busybox-initramfs 1:1.21.0-1ubuntu1.4 busybox-static 1:1.21.0-1ubuntu1.4 udhcpc 1:1.21.0-1ubuntu1.4 udhcpd 1:1.21.0-1ubuntu1.4 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3935-1
CVE-2011-5325, CVE-2014-9645, CVE-2015-9261, CVE-2016-2147,
CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517,
CVE-2018-20679, CVE-2019-5747
Get the latest Linux and open source security news straight to your inbox.