UbuntuUpdates.org

Package "busybox-initramfs"

Name: busybox-initramfs

Description:

Standalone shell setup for initramfs

Latest version: 1:1.36.1-6ubuntu3.1
Release: noble (24.04)
Level: security
Repository: main
Head package: busybox
Homepage: http://www.busybox.net


Other versions of "busybox-initramfs" in Noble

Repository  Area  Version
base        main  1:1.36.1-6ubuntu3
updates     main  1:1.36.1-6ubuntu3.1

Changelog

Version: 1:1.36.1-6ubuntu3.1 2024-08-14 21:07:18 UTC

  busybox (1:1.36.1-6ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: stack overflow in ash
    - debian/patches/CVE-2022-48174.patch: error out on number followed by
      another number or variable name in shell/math.c.
    - CVE-2022-48174
  * SECURITY UPDATE: use after free in awk
    - debian/patches/CVE-2023-42364.patch: fix precedence of = relative to ==
      in editors/awk.c.
    - debian/patches/fix-awk-assignment-precedence.patch: restore assignment
      precedence to be lower than ternary ?: in editors/awk.c.
    - CVE-2023-42364, CVE-2023-42365
  * SECURITY UPDATE: use after free in awk
    - debian/patches/CVE-2023-42363.patch: get L.s after R.v is evaluated in
      editors/awk.c.
    - CVE-2023-42363

 -- Octavio Galland <email address hidden> Tue, 13 Aug 2024 10:42:58 -0300

CVE-2022-48174 There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be e
CVE-2023-42364 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate func
CVE-2023-42365 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
CVE-2023-42363 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.


