Security update for busybox
This update for busybox fixes the following issues:
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Egbert Eich (eeich)
Fixed bugs
bnc#1099263
VUL-0: CVE-2018-1000500: busybox: wget: Missing SSL certificate validation
bnc#1099260
VUL-0: CVE-2018-1000517:busybox: Heap-based buffer overflow in the retrieve_file_data() function
bnc#951562
VUL-1: CVE-2011-5325: busybox: tar directory traversal
bnc#1184522
VUL-0: CVE-2021-28831: busybox: invalid free or segmentation fault via malformed gzip data
bnc#1121426
VUL-0: CVE-2018-20679: busybox: out of bounds read in udhcp
