Ubuntu 5179-2: BusyBox vulnerability | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5179-2
May 10, 2022

busybox vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

BusyBox could be made to crash or run programs if it received specially
crafted input.

Software Description:
- busybox: Tiny utilities for small and embedded systems

Details:

USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

  It was discovered that BusyBox incorrectly handled certain malformed gzip
  archives. If a user or automated system were tricked into processing a
  specially crafted gzip archive, a remote attacker could use this issue to
  cause BusyBox to crash, resulting in a denial of service, or possibly
  execute arbitrary code. (CVE-2021-28831)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   busybox                         1:1.22.0-15ubuntu1.4+esm1
   busybox-initramfs               1:1.22.0-15ubuntu1.4+esm1
   busybox-static                  1:1.22.0-15ubuntu1.4+esm1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5179-2
   https://ubuntu.com/security/notices/USN-5179-1
   CVE-2021-28831

Ubuntu 5179-2: BusyBox vulnerability

May 10, 2022

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: BusyBox could be made to crash or run programs if it received specially crafted input. Software Description: - busybox: Tiny utilities for small and embedded systems Details: USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details:  It was discovered that BusyBox incorrectly handled certain malformed gzip  archives. If a user or automated system were tricked into processing a  specially crafted gzip archive, a remote attacker could use this issue to  cause BusyBox to crash, resulting in a denial of service, or possibly  execute arbitrary code. (CVE-2021-28831)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM:   busybox                         1:1.22.0-15ubuntu1.4+esm1   busybox-initramfs               1:1.22.0-15ubuntu1.4+esm1   busybox-static                  1:1.22.0-15ubuntu1.4+esm1 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5179-2

  https://ubuntu.com/security/notices/USN-5179-1

  CVE-2021-28831

Severity
Ubuntu Security Notice USN-5179-2

Package Information

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.