File _patchinfo of Package patchinfo.26612

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.26612

<patchinfo incident="26612">
  <issue tracker="cve" id="2018-1000517"/>
  <issue tracker="cve" id="2014-9645"/>
  <issue tracker="bnc" id="914660">VUL-0: CVE-2014-9645: busybox: strips of / in module names that can lead to loading unwanted modules</issue>
  <issue tracker="bnc" id="1099260">VUL-0: CVE-2018-1000517:busybox:  Heap-based buffer overflow in the retrieve_file_data() function</issue>
  <packager>radolin</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for busybox</summary>
  <description>This update for busybox fixes the following issues:

- CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660).

- Enable switch_root
  With this change virtme --force-initramfs works as expected.

- Enable udhcpc

Update to 1.35.0:
    
- awk: fix printf %%, fix read beyond end of buffer
- Adjust busybox.config for new features in find, date and cpio 
- chrt: silence analyzer warning
- libarchive: remove duplicate forward declaration
- mount: "mount -o rw ...." should not fall back to RO mount
- ps: fix -o pid=PID,args interpreting entire "PID,args" as header
- tar: prevent malicious archives with long name sizes causing OOM
- udhcpc6: fix udhcp_find_option to actually find DHCP6 options
- xxd: fix -p -r
- support for new optoins added to basename, cpio, date, find, 
  mktemp, wget and others

- Adjust busybox.config for new features in find, date and cpio 
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.26612

Places