Discover Government News

=========================================================================Ubuntu Security Notice USN-5179-2
May 10, 2022

busybox vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

BusyBox could be made to crash or run programs if it received specially
crafted input.

Software Description:
- busybox: Tiny utilities for small and embedded systems

Details:

USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

  It was discovered that BusyBox incorrectly handled certain malformed gzip
  archives. If a user or automated system were tricked into processing a
  specially crafted gzip archive, a remote attacker could use this issue to
  cause BusyBox to crash, resulting in a denial of service, or possibly
  execute arbitrary code. (CVE-2021-28831)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   busybox                         1:1.22.0-15ubuntu1.4+esm1
   busybox-initramfs               1:1.22.0-15ubuntu1.4+esm1
   busybox-static                  1:1.22.0-15ubuntu1.4+esm1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5179-2
   https://ubuntu.com/security/notices/USN-5179-1
   CVE-2021-28831

Ubuntu 5179-2: BusyBox vulnerability

May 10, 2022
BusyBox could be made to crash or run programs if it received specially crafted input.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM:   busybox                         1:1.22.0-15ubuntu1.4+esm1   busybox-initramfs               1:1.22.0-15ubuntu1.4+esm1   busybox-static                  1:1.22.0-15ubuntu1.4+esm1 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5179-2

  https://ubuntu.com/security/notices/USN-5179-1

  CVE-2021-28831

Severity
May 10, 2022

Package Information

Related News