Revision Date: | 2022-01-14 | Version: | 1 |
Title: | Security update for busybox (Important) (in QA) |
Description: |
This update for busybox fixes the following issues:
- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2015-9261: Fixed segfaults and application crashes in huft_build (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer underflow in archival/libarchive/decompress_unlzma.c (bsc#1064978).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412).
- CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263).
- CVE-2018-1000517: Fixed heap-based buffer overflow in retrieve_file_data() (bsc#1099260).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428).
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2021-42373: Fixed NULL pointer dereference in man leading to DoS when a section name is supplied but no page argument is given (bsc#1192869).
- CVE-2021-42374: Fixed out-of-bounds heap read in unlzma leading to information leak and DoS when crafted LZMA-compressed input is decompressed (bsc#1192869).
- CVE-2021-42375: Fixed incorrect handling of a special element in ash leading to DoS when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters (bsc#1192869).
- CVE-2021-42376: Fixed NULL pointer dereference in hush leading to DoS when processing a crafted shell command (bsc#1192869).
- CVE-2021-42377: Fixed attacker-controlled pointer free in hush leading to DoS and possible code execution when processing a crafted shell command (bsc#1192869).
- CVE-2021-42378: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_i function (bsc#1192869).
- CVE-2021-42379: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the next_input_file function (bsc#1192869).
- CVE-2021-42380: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the clrvar function (bsc#1192869).
- CVE-2021-42381: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the hash_init function (bsc#1192869).
- CVE-2021-42382: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_s function (bsc#1192869).
- CVE-2021-42383: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869).
- CVE-2021-42384: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the handle_special function (bsc#1192869).
- CVE-2021-42385: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869).
- CVE-2021-42386: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the nvalloc function (bsc#1192869).
This patch is currently in QA and not yet available for download.
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1064976 1064978 1065600 1066382 1069412 1099260 1099263 1102912 1121426 1121428 1136666 1149032 1152148 1155798 1156395 1163592 1164648 1170232 1170415 1171000 1171073 1171558 1172419 1172873 1173060 1173267 1174029 1174110 1174111 1174484 1174486 1175263 1175667 1175721 1175749 1175787 1175952 1175996 1175997 1175998 1175999 1176000 1176001 1176022 1176063 1176069 1176354 1177281 1177766 1177799 1177801 1178166 1178173 1178175 1178176 1178177 1178183 1178184 1178185 1178186 1178190 1178191 1178255 1178307 1178330 1178395 1184522 1192869 951562 970662 970663 991940 CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2020-14386 CVE-2020-25656 CVE-2020-25705 CVE-2020-8694 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 SUSE-SU-2020:3273-1
|
Platform(s): |
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Live Patching 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
AND Package Information
busybox-1.34.1-4.9.1 is installed
OR busybox-static-1.34.1-4.9.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 SP2 is installed
AND Package Information
kernel-default-5.3.18-24.37 is installed
OR kernel-default-livepatch-5.3.18-24.37 is installed
OR kernel-default-livepatch-devel-5.3.18-24.37 is installed
OR kernel-livepatch-5_3_18-24_37-default-1-5.3 is installed
OR kernel-livepatch-SLE15-SP2_Update_7-1-5.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
AND Package Information
cluster-md-kmp-azure-5.3.18-18.18 is installed
OR dlm-kmp-azure-5.3.18-18.18 is installed
OR gfs2-kmp-azure-5.3.18-18.18 is installed
OR kernel-azure-5.3.18-18.18 is installed
OR kernel-azure-extra-5.3.18-18.18 is installed
OR kernel-azure-livepatch-devel-5.3.18-18.18 is installed
OR kselftests-kmp-azure-5.3.18-18.18 is installed
OR ocfs2-kmp-azure-5.3.18-18.18 is installed
OR reiserfs-kmp-azure-5.3.18-18.18 is installed
|