MDVSA-2012:129-1
Package name: busybox
Date: 2012-08-10
Advisory ID: MDVSA-2012:129-1
Affected versions: 2011 i586, 2011 x86_64
Problem description
Multiple vulnerabilities were found and corrected in busybox:
The decompress function in ncompress allows remote attackers to cause
a denial of service (crash), and possibly execute arbitrary code,
via crafted data that leads to a buffer underflow (CVE-2006-1168).
A missing DHCP option checking / sanitization flaw was reported for
multiple DHCP clients. This flaw may allow a DHCP server to trick DHCP
clients into setting, for example, the system hostname to a specially
crafted value containing shell special characters. Various scripts
assume that the hostname is trusted, which may lead to code execution
when the hostname is specially crafted (CVE-2011-2716).
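Added example (not part of the advisory and not the BusyBox patch): one way a DHCP client script can check a server-supplied hostname before using it, so that values containing shell special characters are rejected. The helper names are hypothetical, and the script assumes the client passes the option to it as a string (udhcpc exporting it as $hostname is an assumption here).

```shell
#!/bin/sh
# Added example, not BusyBox code. Assumption: the DHCP client passes the
# offered host name to its script as a string (udhcpc uses $hostname).
LC_ALL=C; export LC_ALL   # make A-Z, a-z, 0-9 mean ASCII only

# is_safe_hostname NAME (hypothetical helper)
# Succeeds only for dot-separated labels of letters, digits and hyphens,
# each 1-63 bytes with no leading/trailing hyphen, 253 bytes in total.
is_safe_hostname() {
    hn_rest=$1
    [ -n "$hn_rest" ] && [ "${#hn_rest}" -le 253 ] || return 1
    case $hn_rest in
        *[!A-Za-z0-9.-]*) return 1 ;;  # shell metacharacters, spaces, newlines
        .*|*.|*..*)       return 1 ;;  # empty label
    esac
    while [ -n "$hn_rest" ]; do
        hn_label=${hn_rest%%.*}
        case $hn_rest in
            *.*) hn_rest=${hn_rest#*.} ;;
            *)   hn_rest= ;;
        esac
        [ "${#hn_label}" -le 63 ] || return 1
        case $hn_label in
            -*|*-) return 1 ;;
        esac
    done
    return 0
}

# choose_hostname OFFERED FALLBACK (hypothetical helper)
# Prints OFFERED if it validates, otherwise FALLBACK, and logs the rejection.
choose_hostname() {
    if is_safe_hostname "$1"; then
        printf '%s\n' "$1"
    else
        echo "dhcp: rejected host name option, keeping $2" >&2
        printf '%s\n' "$2"
    fi
}

# Constructed sample values standing in for what a server might send.
for offered in 'build-07.example.net' 'node1;id' '-leading.example'; do
    printf '%-24s -> %s\n' "$offered" "$(choose_hostname "$offered" localhost 2>/dev/null)"
done
```

Validation of this kind complements the package update; scripts should still quote the variable wherever it is expanded.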
Additionally, for Mandriva Enterprise Server 5, various problems in
the ka-deploy and uClibc packages were discovered and fixed with
this advisory.
The updated packages have been patched to correct these issues.
Update:
The wrong set of packages was sent out with the MDVSA-2012:129 advisory
that lacked the fix for CVE-2006-1168. This advisory provides the
correct packages.
Updated packages
2011 i586
bf11b9be27bee497a7033176f75786eb 2011/i586/busybox-1.18.4-3.2-mdv2011.0.i586.rpm
a00544fb8799067f766cf8aa480d4e69 2011/i586/busybox-static-1.18.4-3.2-mdv2011.0.i586.rpm
c906766804857a5ba80599610e380675 2011/SRPMS/busybox-1.18.4-3.2.src.rpm
2011 x86_64
af067c810ef4efc245b3de0cdf1e0d36 2011/x86_64/busybox-1.18.4-3.2-mdv2011.0.x86_64.rpm
63786971c42ab70966a56a1767c454b0 2011/x86_64/busybox-static-1.18.4-3.2-mdv2011.0.x86_64.rpm
c906766804857a5ba80599610e380675 2011/SRPMS/busybox-1.18.4-3.2.src.rpm
