Описание
Security update for busybox
This update for busybox fixes the following issues:
-
CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660).
-
Enable switch_root With this change virtme --force-initramfs works as expected.
-
Enable udhcpc
Update to 1.35.0:
-
awk: fix printf %%, fix read beyond end of buffer
-
Adjust busybox.config for new features in find, date and cpio
-
chrt: silence analyzer warning
-
libarchive: remove duplicate forward declaration
-
mount: 'mount -o rw ....' should not fall back to RO mount
-
ps: fix -o pid=PID,args interpreting entire 'PID,args' as header
-
tar: prevent malicious archives with long name sizes causing OOM
-
udhcpc6: fix udhcp_find_option to actually find DHCP6 options
-
xxd: fix -p -r
-
support for new optoins added to basename, cpio, date, find, mktemp, wget and others
-
Adjust busybox.config for new features in find, date and cpio
Список пакетов
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP2-BCL
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
Ссылки
- Link for SUSE-SU-2022:4260-1
- E-Mail link for SUSE-SU-2022:4260-1
- SUSE Security Ratings
- SUSE Bug 1099260
- SUSE Bug 914660
- SUSE CVE CVE-2014-9645 page
- SUSE CVE CVE-2018-1000517 page
Описание
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
Затронутые продукты
Ссылки
- CVE-2014-9645
- SUSE Bug 914423
- SUSE Bug 914660
Описание
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
Затронутые продукты
Ссылки
- CVE-2018-1000517
- SUSE Bug 1099260