Package "busybox-static"
Name: |
busybox-static
|
Description: |
Standalone rescue shell with tons of builtin utilities
|
Latest version: |
1:1.30.1-4ubuntu6.5 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
main |
Head package: |
busybox |
Homepage: |
http://www.busybox.net |
Links
Download "busybox-static"
Other versions of "busybox-static" in Focal
Changelog
busybox (1:1.30.1-4ubuntu6.5) focal-security; urgency=medium
* SECURITY UPDATE: stack overflow in ash
- debian/patches/CVE-2022-48174.patch: error out on number followed by
another number or variable name in shell/math.c.
- CVE-2022-48174
-- Octavio Galland <email address hidden> Tue, 13 Aug 2024 10:37:04 -0300
|
Source diff to previous version |
CVE-2022-48174 |
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be e |
|
busybox (1:1.30.1-4ubuntu6.4) focal-security; urgency=medium
* SECURITY UPDATE: invalid free or segfault via gzip data
- debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
archival/libarchive/decompress_gunzip.c.
- CVE-2021-28831
* SECURITY UPDATE: OOB read in unlzma
- debian/patches/CVE-2021-42374.patch: fix a case where we could read
before beginning of buffer in archival/libarchive/decompress_unlzma.c,
testsuite/unlzma.tests.
- CVE-2021-42374
* SECURITY UPDATE: multiple security issues in awk
- debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
busybox 1.34.1.
- CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386
-- Marc Deslauriers <email address hidden> Wed, 24 Nov 2021 14:02:55 -0500
|
Source diff to previous version |
CVE-2021-28831 |
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentatio |
CVE-2021-42374 |
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompres |
CVE-2021-42378 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i |
CVE-2021-42379 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_inp |
CVE-2021-42380 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar f |
CVE-2021-42381 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_ini |
CVE-2021-42382 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s |
CVE-2021-42384 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_s |
CVE-2021-42385 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate |
CVE-2021-42386 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc |
|
busybox (1:1.30.1-4ubuntu6.3) focal; urgency=medium
* cherry-pick settimeofday for glibc v2.31+ compatibility fix for upstream
(LP: #1888543)
-- Balint Reczey <email address hidden> Wed, 11 Nov 2020 13:15:02 +0100
|
Source diff to previous version |
1888543 |
hwclock: fails to set time on glibc 2.31 |
|
busybox (1:1.30.1-4ubuntu6.2) focal-security; urgency=medium
* SECURITY UPDATE: missing ssl cert validation in wget applet
- debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
verification in networking/wget.c.
- CVE-2018-1000500
-- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 09:47:43 -0400
|
Source diff to previous version |
CVE-2018-1000500 |
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This at |
|
busybox (1:1.30.1-4ubuntu6.1) focal; urgency=medium
* Enable TLS verification with OpenSSL. LP: #1879533
* Enable TLS in initramfs flavour of wget applet, requires openssl. LP:
#1879525
-- Dimitri John Ledkov <email address hidden> Tue, 19 May 2020 16:16:23 +0100
|
1879533 |
busybox does not verify TLS connections with CONFIG_FEATURE_WGET_OPENSSL=y and CONFIG_FEATURE_WGET_HTTPS unset, and doesn't warn either about it |
|
About
-
Send Feedback to @ubuntu_updates