SUSE-SU-2022:4371-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:4371-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:4371-1
Related
Published
2022-12-08T16:19:54Z
Modified
2022-12-08T16:19:54Z
Summary
Security update for busybox
Details

This update for busybox fixes the following issues:

  • CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744).
  • CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660).

  • Update to 1.35.0 also introduced:

    • awk: fix printf %%, fix read beyond end of buffer
    • chrt: silence analyzer warning
    • libarchive: remove duplicate forward declaration
    • mount: 'mount -o rw ....' should not fall back to RO mount
    • ps: fix -o pid=PID,args interpreting entire 'PID,args' as header
    • tar: prevent malicious archives with long name sizes causing OOM
    • udhcpc6: fix udhcp_find_option to actually find DHCP6 options
    • xxd: fix -p -r
    • support for new options added to basename, cpio, date, find, mktemp, wget and others
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP4 / busybox

Package

Name
busybox
Purl
purl:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.35.0-150400.3.8.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox": "1.35.0-150400.3.8.1",
            "busybox-static": "1.35.0-150400.3.8.1"
        }
    ]
}

openSUSE:Leap 15.4 / busybox

Package

Name
busybox
Purl
purl:rpm/suse/busybox&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.35.0-150400.3.8.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox-ed": "1.35.0-150400.4.3.14",
            "busybox-vi": "1.35.0-150400.4.3.14",
            "busybox-attr": "1.35.0-150400.4.3.14",
            "busybox-time": "1.35.0-150400.4.3.14",
            "busybox-whois": "1.35.0-150400.4.3.14",
            "busybox-net-tools": "1.35.0-150400.4.3.14",
            "busybox-unzip": "1.35.0-150400.4.3.14",
            "busybox-testsuite": "1.35.0-150400.3.8.1",
            "busybox-xz": "1.35.0-150400.4.3.14",
            "busybox-iputils": "1.35.0-150400.4.3.14",
            "busybox-gzip": "1.35.0-150400.4.3.14",
            "busybox-gawk": "1.35.0-150400.4.3.14",
            "busybox-syslogd": "1.35.0-150400.4.3.14",
            "busybox-kmod": "1.35.0-150400.4.3.14",
            "busybox-kbd": "1.35.0-150400.4.3.14",
            "busybox-netcat": "1.35.0-150400.4.3.14",
            "busybox-util-linux": "1.35.0-150400.4.3.14",
            "busybox-sh": "1.35.0-150400.4.3.14",
            "busybox-bind-utils": "1.35.0-150400.4.3.14",
            "busybox-adduser": "1.35.0-150400.4.3.14",
            "busybox-sendmail": "1.35.0-150400.4.3.14",
            "busybox-sed": "1.35.0-150400.4.3.14",
            "busybox-man": "1.35.0-150400.4.3.14",
            "busybox-patch": "1.35.0-150400.4.3.14",
            "busybox-wget": "1.35.0-150400.4.3.14",
            "busybox-iproute2": "1.35.0-150400.4.3.14",
            "busybox-diffutils": "1.35.0-150400.4.3.14",
            "busybox-cpio": "1.35.0-150400.4.3.14",
            "busybox": "1.35.0-150400.3.8.1",
            "busybox-less": "1.35.0-150400.4.3.14",
            "busybox-coreutils": "1.35.0-150400.4.3.14",
            "busybox-grep": "1.35.0-150400.4.3.14",
            "busybox-tftp": "1.35.0-150400.4.3.14",
            "busybox-which": "1.35.0-150400.4.3.14",
            "busybox-procps": "1.35.0-150400.4.3.14",
            "busybox-selinux-tools": "1.35.0-150400.4.3.14",
            "busybox-bzip2": "1.35.0-150400.4.3.14",
            "busybox-tar": "1.35.0-150400.4.3.14",
            "busybox-findutils": "1.35.0-150400.4.3.14",
            "busybox-vlan": "1.35.0-150400.4.3.14",
            "busybox-links": "1.35.0-150400.4.3.14",
            "busybox-psmisc": "1.35.0-150400.4.3.14",
            "busybox-ncurses-utils": "1.35.0-150400.4.3.14",
            "busybox-dos2unix": "1.35.0-150400.4.3.14",
            "busybox-sysvinit-tools": "1.35.0-150400.4.3.14",
            "busybox-warewulf3": "1.35.0-150400.3.8.1",
            "busybox-telnet": "1.35.0-150400.4.3.14",
            "busybox-bc": "1.35.0-150400.4.3.14",
            "busybox-misc": "1.35.0-150400.4.3.14",
            "busybox-tunctl": "1.35.0-150400.4.3.14",
            "busybox-policycoreutils": "1.35.0-150400.4.3.14",
            "busybox-traceroute": "1.35.0-150400.4.3.14",
            "busybox-hostname": "1.35.0-150400.4.3.14",
            "busybox-sharutils": "1.35.0-150400.4.3.14",
            "busybox-static": "1.35.0-150400.3.8.1"
        }
    ]
}

openSUSE:Leap 15.4 / busybox-links

Package

Name
busybox-links
Purl
purl:rpm/suse/busybox-links&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.35.0-150400.4.3.14

Ecosystem specific

{
    "binaries": [
        {
            "busybox-ed": "1.35.0-150400.4.3.14",
            "busybox-vi": "1.35.0-150400.4.3.14",
            "busybox-attr": "1.35.0-150400.4.3.14",
            "busybox-time": "1.35.0-150400.4.3.14",
            "busybox-whois": "1.35.0-150400.4.3.14",
            "busybox-net-tools": "1.35.0-150400.4.3.14",
            "busybox-unzip": "1.35.0-150400.4.3.14",
            "busybox-testsuite": "1.35.0-150400.3.8.1",
            "busybox-xz": "1.35.0-150400.4.3.14",
            "busybox-iputils": "1.35.0-150400.4.3.14",
            "busybox-gzip": "1.35.0-150400.4.3.14",
            "busybox-gawk": "1.35.0-150400.4.3.14",
            "busybox-syslogd": "1.35.0-150400.4.3.14",
            "busybox-kmod": "1.35.0-150400.4.3.14",
            "busybox-kbd": "1.35.0-150400.4.3.14",
            "busybox-netcat": "1.35.0-150400.4.3.14",
            "busybox-util-linux": "1.35.0-150400.4.3.14",
            "busybox-sh": "1.35.0-150400.4.3.14",
            "busybox-bind-utils": "1.35.0-150400.4.3.14",
            "busybox-adduser": "1.35.0-150400.4.3.14",
            "busybox-sendmail": "1.35.0-150400.4.3.14",
            "busybox-sed": "1.35.0-150400.4.3.14",
            "busybox-man": "1.35.0-150400.4.3.14",
            "busybox-patch": "1.35.0-150400.4.3.14",
            "busybox-wget": "1.35.0-150400.4.3.14",
            "busybox-iproute2": "1.35.0-150400.4.3.14",
            "busybox-diffutils": "1.35.0-150400.4.3.14",
            "busybox-cpio": "1.35.0-150400.4.3.14",
            "busybox": "1.35.0-150400.3.8.1",
            "busybox-less": "1.35.0-150400.4.3.14",
            "busybox-coreutils": "1.35.0-150400.4.3.14",
            "busybox-grep": "1.35.0-150400.4.3.14",
            "busybox-tftp": "1.35.0-150400.4.3.14",
            "busybox-which": "1.35.0-150400.4.3.14",
            "busybox-procps": "1.35.0-150400.4.3.14",
            "busybox-selinux-tools": "1.35.0-150400.4.3.14",
            "busybox-bzip2": "1.35.0-150400.4.3.14",
            "busybox-tar": "1.35.0-150400.4.3.14",
            "busybox-findutils": "1.35.0-150400.4.3.14",
            "busybox-vlan": "1.35.0-150400.4.3.14",
            "busybox-links": "1.35.0-150400.4.3.14",
            "busybox-psmisc": "1.35.0-150400.4.3.14",
            "busybox-ncurses-utils": "1.35.0-150400.4.3.14",
            "busybox-dos2unix": "1.35.0-150400.4.3.14",
            "busybox-sysvinit-tools": "1.35.0-150400.4.3.14",
            "busybox-warewulf3": "1.35.0-150400.3.8.1",
            "busybox-telnet": "1.35.0-150400.4.3.14",
            "busybox-bc": "1.35.0-150400.4.3.14",
            "busybox-misc": "1.35.0-150400.4.3.14",
            "busybox-tunctl": "1.35.0-150400.4.3.14",
            "busybox-policycoreutils": "1.35.0-150400.4.3.14",
            "busybox-traceroute": "1.35.0-150400.4.3.14",
            "busybox-hostname": "1.35.0-150400.4.3.14",
            "busybox-sharutils": "1.35.0-150400.4.3.14",
            "busybox-static": "1.35.0-150400.3.8.1"
        }
    ]
}