UbuntuUpdates.org

Package "busybox"

Name: busybox

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Standalone shell setup for initramfs
  • Standalone rescue shell with tons of builtin utilities
  • Provides syslogd and klogd using busybox

Latest version: 1:1.36.1-6ubuntu3.1
Release: noble (24.04)
Level: security
Repository: main

Links



Other versions of "busybox" in Noble

Repository Area Version
base universe 1:1.36.1-6ubuntu3
base main 1:1.36.1-6ubuntu3
security universe 1:1.36.1-6ubuntu3.1
updates main 1:1.36.1-6ubuntu3.1
updates universe 1:1.36.1-6ubuntu3.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:1.36.1-6ubuntu3.1 2024-08-14 21:07:18 UTC

  busybox (1:1.36.1-6ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: stack overflow in ash
    - debian/patches/CVE-2022-48174.patch: error out on number followed by
      another number or variable name in shell/math.c.
    - CVE-2022-48174
  * SECURITY UPDATE: use after free in awk
    - debian/patches/CVE-2023-42364.patch: fix precedence of = relative to ==
      in editors/awk.c.
    - debian/patches/fix-awk-assignment-precedence.patch: restore assignment
      precedence to be lower than ternary ?: in editors/awk.c.
    - CVE-2023-42364, CVE-2023-42365
  * SECURITY UPDATE: use after free in awk
    - debian/patches/CVE-2023-42363.patch: get L.s after R.v is evaluated in
      editors/awk.c.
    - CVE-2023-42363

 -- Octavio Galland <email address hidden> Tue, 13 Aug 2024 10:42:58 -0300

CVE-2022-48174 There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be e
CVE-2023-42364 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate func
CVE-2023-42365 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
CVE-2023-42363 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.



About   -   Send Feedback to @ubuntu_updates