UbuntuUpdates.org

Package "busybox"




Name: busybox

Description:

Tiny utilities for small and embedded systems
Latest version: *DELETED*
Release: bionic (18.04)
Level: proposed
Repository: universe
Homepage: http://www.busybox.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "busybox"

APT INSTALL

Other versions of "busybox" in Bionic

Repository Area Version
base universe 1:1.27.2-2ubuntu3
base main 1:1.27.2-2ubuntu3
security universe 1:1.27.2-2ubuntu3.4
security main 1:1.27.2-2ubuntu3.4
updates main 1:1.27.2-2ubuntu3.4
updates universe 1:1.27.2-2ubuntu3.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: *DELETED* 2019-03-07 19:06:24 UTC
No changelog for deleted or moved packages.

Version: 1:1.27.2-2ubuntu3.1 2019-02-09 00:07:12 UTC

  busybox (1:1.27.2-2ubuntu3.1) bionic; urgency=medium

  * Fix symlink handling (LP: #1753572)
    - debian/patches/CVE-2011-5325-2.patch: re-enable patch.
    - debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
      the same way tar/unzip does in archival/cpio.c.
    - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
      archival/libarchive/get_header_ar.c.

 -- Marc Deslauriers <email address hidden> Thu, 17 Jan 2019 13:16:38 -0500
1753572 cpio in Busybox 1.27 ingnores \
CVE-2011-5325 Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current


About   -   Send Feedback to @ubuntu_updates