CLSA-2025-1762269073
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2025-1762269073.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2025-1762269073
- Upstream
- Published
- 2025-11-04T15:11:26Z
- Modified
- 2026-06-04T09:45:08.690184411Z
- Summary
- Fix CVE(s): CVE-2018-1000500, CVE-2022-28391, CVE-2023-39810
- Details
-
- SECURITY UPDATE: missing SSL certificate validation vulnerability in wget
- debian/patches/CVE-2018-1000500-1.patch: implement TLS verification with CENABLEFEATUREWGET_OPENSSL
- debian/patches/CVE 2018-1000500-2.patch: fix openssl options for cert verification
- CVE-2018-1000500
- SECURITY UPDATE: escape sequence injection attack
- debian/patches/CVE-2022-28391-1.patch: sockaddr2str: ensure only printable characters are returned for the hostname part
- debian/patches/CVE-2022-28391-2.patch: nslookup: sanitize all printed strings
- CVE-2022-28391
- SECURITY UPDATE: directory traversal vulnerability in CPIO command
- debian/patches/CVE-2023-39810.patch: archival: disallow path traversals
- debian/config/pkg/*: regenerate to add the new FEATUREPATHTRAVERSAL_PROTECTION option
- CVE-2023-39810
- SECURITY UPDATE: missing SSL certificate validation vulnerability in wget
- References
Affected packages
TuxCare:Debian:10 / busybox
Package
- Name
- busybox
- Purl
- pkg:deb/tuxcare/busybox?distro=debian-10
TuxCare:Debian:10 / busybox-static
Package
- Name
- busybox-static
- Purl
- pkg:deb/tuxcare/busybox-static?distro=debian-10
TuxCare:Debian:10 / busybox-syslogd
Package
- Name
- busybox-syslogd
- Purl
- pkg:deb/tuxcare/busybox-syslogd?distro=debian-10
TuxCare:Debian:10 / udhcpc
Package
- Name
- udhcpc
- Purl
- pkg:deb/tuxcare/udhcpc?distro=debian-10