Package "busybox"
| Name: |
busybox
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- Standalone shell setup for initramfs
- Standalone rescue shell with tons of builtin utilities
- Provides syslogd and klogd using busybox
|
| Latest version: |
1:1.36.1-6ubuntu3.1 |
| Release: |
noble (24.04) |
| Level: |
updates |
| Repository: |
main |
Links
Other versions of "busybox" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
|
busybox (1:1.36.1-6ubuntu3.1) noble-security; urgency=medium
* SECURITY UPDATE: stack overflow in ash
- debian/patches/CVE-2022-48174.patch: error out on number followed by
another number or variable name in shell/math.c.
- CVE-2022-48174
* SECURITY UPDATE: use after free in awk
- debian/patches/CVE-2023-42364.patch: fix precedence of = relative to ==
in editors/awk.c.
- debian/patches/fix-awk-assignment-precedence.patch: restore assignment
precedence to be lower than ternary ?: in editors/awk.c.
- CVE-2023-42364, CVE-2023-42365
* SECURITY UPDATE: use after free in awk
- debian/patches/CVE-2023-42363.patch: get L.s after R.v is evaluated in
editors/awk.c.
- CVE-2023-42363
-- Octavio Galland <email address hidden> Tue, 13 Aug 2024 10:42:58 -0300
|
| CVE-2022-48174 |
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be e |
| CVE-2023-42364 |
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate func |
| CVE-2023-42365 |
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. |
| CVE-2023-42363 |
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. |
|
About
-
Send Feedback to @ubuntu_updates
