openSUSE-SU-2021:1408-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1408-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:1408-1
- Related
- Published
- 2021-10-31T14:53:16Z
- Modified
- 2021-10-31T14:53:16Z
- Summary
- Security update for busybox
- Details
-
This update for busybox fixes the following issues:
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed buffer overflow in the retrievefiledata() (bsc#1099260).
- CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263).
This update was imported from the SUSE:SLE-15:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LTZHQ6OAWXY23IUCNO7X25C5CHHCWLOM/
- https://bugzilla.suse.com/1099260
- https://bugzilla.suse.com/1099263
- https://bugzilla.suse.com/1121426
- https://bugzilla.suse.com/1184522
- https://bugzilla.suse.com/951562
- https://www.suse.com/security/cve/CVE-2011-5325
- https://www.suse.com/security/cve/CVE-2018-1000500
- https://www.suse.com/security/cve/CVE-2018-1000517
- https://www.suse.com/security/cve/CVE-2018-20679
- https://www.suse.com/security/cve/CVE-2021-28831
Affected packages
openSUSE:Leap 15.2 / busybox
Package
- Name
- busybox
- Purl
- pkg:rpm/opensuse/busybox&distro=openSUSE%20Leap%2015.2