SUSE-SU-2026:0236-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2026/suse-su-20260236-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0236-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2026:0236-1

Upstream

CVE-2025-46394

CVE-2025-60876

Related

Published

2026-01-22T12:25:35Z

Modified

2026-03-23T04:52:03.441719Z

Summary

Security update for busybox

Details

This update for busybox fixes the following issues:

Security issues:

CVE-2025-46394: Fixed tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661)
CVE-2025-60876: Fixed HTTP request header injection in wget (CVE-2025-60876, bsc#1253245)

Other issues:

Set CONFIGFIRSTSYSTEM_ID to 201 to avoid confclict (bsc#1236670)
Fixed unshare -mrpf sh core dump on ppc64le (bsc#1249237)
Fixed adduser inside containers on an SELinux host (bsc#1247779)

References

Affected packages

openSUSE:Leap 15.6

busybox

Package

Name: busybox
Purl: pkg:rpm/opensuse/busybox&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0-150500.10.14.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox-static": "1.37.0-150500.10.14.1",
            "busybox-selinux-tools": "1.37.0-150500.7.9.1",
            "busybox-kmod": "1.37.0-150500.7.9.1",
            "busybox-sh": "1.37.0-150500.7.9.1",
            "busybox-kbd": "1.37.0-150500.7.9.1",
            "busybox-whois": "1.37.0-150500.7.9.1",
            "busybox-telnet": "1.37.0-150500.7.9.1",
            "busybox-bind-utils": "1.37.0-150500.7.9.1",
            "busybox-sendmail": "1.37.0-150500.7.9.1",
            "busybox-vi": "1.37.0-150500.7.9.1",
            "busybox-sysvinit-tools": "1.37.0-150500.7.9.1",
            "busybox-hostname": "1.37.0-150500.7.9.1",
            "busybox-xz": "1.37.0-150500.7.9.1",
            "busybox-cpio": "1.37.0-150500.7.9.1",
            "busybox-iproute2": "1.37.0-150500.7.9.1",
            "busybox-tftp": "1.37.0-150500.7.9.1",
            "busybox-gawk": "1.37.0-150500.7.9.1",
            "busybox-psmisc": "1.37.0-150500.7.9.1",
            "busybox-syslogd": "1.37.0-150500.7.9.1",
            "busybox-udhcpc": "1.37.0-150500.7.9.1",
            "busybox-net-tools": "1.37.0-150500.7.9.1",
            "busybox-util-linux": "1.37.0-150500.7.9.1",
            "busybox-gzip": "1.37.0-150500.7.9.1",
            "busybox-man": "1.37.0-150500.7.9.1",
            "busybox-vlan": "1.37.0-150500.7.9.1",
            "busybox-netcat": "1.37.0-150500.7.9.1",
            "busybox-bzip2": "1.37.0-150500.7.9.1",
            "busybox-hexedit": "1.37.0-150500.7.9.1",
            "busybox-diffutils": "1.37.0-150500.7.9.1",
            "busybox-adduser": "1.37.0-150500.7.9.1",
            "busybox-findutils": "1.37.0-150500.7.9.1",
            "busybox-sharutils": "1.37.0-150500.7.9.1",
            "busybox-traceroute": "1.37.0-150500.7.9.1",
            "busybox-links": "1.37.0-150500.7.9.1",
            "busybox-less": "1.37.0-150500.7.9.1",
            "busybox-testsuite": "1.37.0-150500.10.14.1",
            "busybox-attr": "1.37.0-150500.7.9.1",
            "busybox-wget": "1.37.0-150500.7.9.1",
            "busybox-iputils": "1.37.0-150500.7.9.1",
            "busybox-patch": "1.37.0-150500.7.9.1",
            "busybox-unzip": "1.37.0-150500.7.9.1",
            "busybox-policycoreutils": "1.37.0-150500.7.9.1",
            "busybox-which": "1.37.0-150500.7.9.1",
            "busybox": "1.37.0-150500.10.14.1",
            "busybox-dos2unix": "1.37.0-150500.7.9.1",
            "busybox-misc": "1.37.0-150500.7.9.1",
            "busybox-warewulf3": "1.37.0-150500.10.14.1",
            "busybox-bc": "1.37.0-150500.7.9.1",
            "busybox-sha3sum": "1.37.0-150500.7.9.1",
            "busybox-procps": "1.37.0-150500.7.9.1",
            "busybox-tar": "1.37.0-150500.7.9.1",
            "busybox-coreutils": "1.37.0-150500.7.9.1",
            "busybox-grep": "1.37.0-150500.7.9.1",
            "busybox-ncurses-utils": "1.37.0-150500.7.9.1",
            "busybox-sed": "1.37.0-150500.7.9.1",
            "busybox-ed": "1.37.0-150500.7.9.1",
            "busybox-time": "1.37.0-150500.7.9.1",
            "busybox-tunctl": "1.37.0-150500.7.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0236-1.json"

busybox-links

Package

Name: busybox-links
Purl: pkg:rpm/opensuse/busybox-links&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0-150500.7.9.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox-static": "1.37.0-150500.10.14.1",
            "busybox-selinux-tools": "1.37.0-150500.7.9.1",
            "busybox-kmod": "1.37.0-150500.7.9.1",
            "busybox-sh": "1.37.0-150500.7.9.1",
            "busybox-kbd": "1.37.0-150500.7.9.1",
            "busybox-whois": "1.37.0-150500.7.9.1",
            "busybox-telnet": "1.37.0-150500.7.9.1",
            "busybox-bind-utils": "1.37.0-150500.7.9.1",
            "busybox-sendmail": "1.37.0-150500.7.9.1",
            "busybox-vi": "1.37.0-150500.7.9.1",
            "busybox-sysvinit-tools": "1.37.0-150500.7.9.1",
            "busybox-hostname": "1.37.0-150500.7.9.1",
            "busybox-xz": "1.37.0-150500.7.9.1",
            "busybox-cpio": "1.37.0-150500.7.9.1",
            "busybox-iproute2": "1.37.0-150500.7.9.1",
            "busybox-tftp": "1.37.0-150500.7.9.1",
            "busybox-gawk": "1.37.0-150500.7.9.1",
            "busybox-psmisc": "1.37.0-150500.7.9.1",
            "busybox-syslogd": "1.37.0-150500.7.9.1",
            "busybox-udhcpc": "1.37.0-150500.7.9.1",
            "busybox-net-tools": "1.37.0-150500.7.9.1",
            "busybox-util-linux": "1.37.0-150500.7.9.1",
            "busybox-gzip": "1.37.0-150500.7.9.1",
            "busybox-man": "1.37.0-150500.7.9.1",
            "busybox-vlan": "1.37.0-150500.7.9.1",
            "busybox-netcat": "1.37.0-150500.7.9.1",
            "busybox-bzip2": "1.37.0-150500.7.9.1",
            "busybox-hexedit": "1.37.0-150500.7.9.1",
            "busybox-diffutils": "1.37.0-150500.7.9.1",
            "busybox-adduser": "1.37.0-150500.7.9.1",
            "busybox-findutils": "1.37.0-150500.7.9.1",
            "busybox-sharutils": "1.37.0-150500.7.9.1",
            "busybox-traceroute": "1.37.0-150500.7.9.1",
            "busybox-links": "1.37.0-150500.7.9.1",
            "busybox-less": "1.37.0-150500.7.9.1",
            "busybox-testsuite": "1.37.0-150500.10.14.1",
            "busybox-attr": "1.37.0-150500.7.9.1",
            "busybox-wget": "1.37.0-150500.7.9.1",
            "busybox-iputils": "1.37.0-150500.7.9.1",
            "busybox-patch": "1.37.0-150500.7.9.1",
            "busybox-unzip": "1.37.0-150500.7.9.1",
            "busybox-policycoreutils": "1.37.0-150500.7.9.1",
            "busybox-which": "1.37.0-150500.7.9.1",
            "busybox": "1.37.0-150500.10.14.1",
            "busybox-dos2unix": "1.37.0-150500.7.9.1",
            "busybox-misc": "1.37.0-150500.7.9.1",
            "busybox-warewulf3": "1.37.0-150500.10.14.1",
            "busybox-bc": "1.37.0-150500.7.9.1",
            "busybox-sha3sum": "1.37.0-150500.7.9.1",
            "busybox-procps": "1.37.0-150500.7.9.1",
            "busybox-tar": "1.37.0-150500.7.9.1",
            "busybox-coreutils": "1.37.0-150500.7.9.1",
            "busybox-grep": "1.37.0-150500.7.9.1",
            "busybox-ncurses-utils": "1.37.0-150500.7.9.1",
            "busybox-sed": "1.37.0-150500.7.9.1",
            "busybox-ed": "1.37.0-150500.7.9.1",
            "busybox-time": "1.37.0-150500.7.9.1",
            "busybox-tunctl": "1.37.0-150500.7.9.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0236-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS

busybox

Package

Name: busybox
Purl: pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0-150500.10.14.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox-static": "1.37.0-150500.10.14.1",
            "busybox": "1.37.0-150500.10.14.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0236-1.json"

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS

busybox

Package

Name: busybox
Purl: pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0-150500.10.14.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox-static": "1.37.0-150500.10.14.1",
            "busybox": "1.37.0-150500.10.14.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0236-1.json"

SUSE:Linux Enterprise Server 15 SP5-LTSS

busybox

Package

Name: busybox
Purl: pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0-150500.10.14.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox-static": "1.37.0-150500.10.14.1",
            "busybox": "1.37.0-150500.10.14.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0236-1.json"

SUSE:Linux Enterprise Server 15 SP6-LTSS

busybox

Package

Name: busybox
Purl: pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0-150500.10.14.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox-static": "1.37.0-150500.10.14.1",
            "busybox": "1.37.0-150500.10.14.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0236-1.json"

SUSE:Linux Enterprise Server for SAP Applications 15 SP5

busybox

Package

Name: busybox
Purl: pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0-150500.10.14.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox-static": "1.37.0-150500.10.14.1",
            "busybox": "1.37.0-150500.10.14.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0236-1.json"

SUSE:Linux Enterprise Server for SAP Applications 15 SP6

busybox

Package

Name: busybox
Purl: pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.37.0-150500.10.14.1

Ecosystem specific

{
    "binaries": [
        {
            "busybox-static": "1.37.0-150500.10.14.1",
            "busybox": "1.37.0-150500.10.14.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0236-1.json"