Package name
busybox
Date
2012-08-10
Advisory ID
MDVSA-2012:129-1
Affected versions
2011 i586, 2011 x86_64

Problem description

Multiple vulnerabilities were found and corrected in busybox:

The decompress function in ncompress allows remote attackers to cause
a denial of service (crash), and possibly execute arbitrary code,
via crafted data that leads to a buffer underflow (CVE-2006-1168).

A missing DHCP option checking / sanitization flaw was reported for
multiple DHCP clients. This flaw may allow a DHCP server to trick DHCP
clients into setting, e.g., the system hostname to a specially crafted
value containing shell special characters. Various scripts assume that
the hostname is trusted, which may lead to code execution when the
hostname is specially crafted (CVE-2011-2716).
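
The kind of check a client-side script can apply to a DHCP-supplied hostname before using it, shown as an added example that is not part of this advisory or of the BusyBox patch. The function names, the fallback value and the RFC 1123 style rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not BusyBox code: check a DHCP-supplied hostname before use.
# Assumed rules: 1..253 chars, dot-separated labels of 1..63 chars,
# only A-Z a-z 0-9 and '-', no label starting or ending with '-'.
LC_ALL=C; export LC_ALL   # make the bracket ranges below ASCII-only

is_safe_hostname() {
    _name=$1
    [ -n "$_name" ] || return 1
    [ "${#_name}" -le 253 ] || return 1
    # Any character outside the allowed set is rejected. This covers shell
    # special characters, whitespace and newlines.
    case $_name in
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    # Empty labels: leading, trailing or doubled dots.
    case $_name in
        .*|*.|*..*) return 1 ;;
    esac
    # Per-label checks in a subshell so the IFS change does not leak.
    (
        IFS=.
        for _label in $_name; do
            [ "${#_label}" -le 63 ] || exit 1
            case $_label in
                -*|*-) exit 1 ;;
            esac
        done
    ) || return 1
    return 0
}

# Print the candidate if it is safe, otherwise the fallback (hypothetical helper).
pick_hostname() {
    if is_safe_hostname "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "$2"
    fi
}

# Constructed sample values, as a DHCP server might supply them.
for _h in 'host1.example.org' 'bad;name' 'bad`name`' '-lead.example.org'; do
    printf '%-20s -> %s\n' "$_h" "$(pick_hostname "$_h" localhost)"
done
```
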

Additionally, for Mandriva Enterprise Server 5, various problems in
the ka-deploy and uClibc packages were discovered and fixed with
this advisory.

The updated packages have been patched to correct these issues.

Update:

The wrong set of packages was sent out with the MDVSA-2012:129 advisory
that lacked the fix for CVE-2006-1168. This advisory provides the
correct packages.

Updated packages

2011 i586

 bf11b9be27bee497a7033176f75786eb  2011/i586/busybox-1.18.4-3.2-mdv2011.0.i586.rpm
 a00544fb8799067f766cf8aa480d4e69  2011/i586/busybox-static-1.18.4-3.2-mdv2011.0.i586.rpm 
 c906766804857a5ba80599610e380675  2011/SRPMS/busybox-1.18.4-3.2.src.rpm

2011 x86_64

 af067c810ef4efc245b3de0cdf1e0d36  2011/x86_64/busybox-1.18.4-3.2-mdv2011.0.x86_64.rpm
 63786971c42ab70966a56a1767c454b0  2011/x86_64/busybox-static-1.18.4-3.2-mdv2011.0.x86_64.rpm 
 c906766804857a5ba80599610e380675  2011/SRPMS/busybox-1.18.4-3.2.src.rpm

References