Overview

File _patchinfo of Package patchinfo.20467

<patchinfo incident="20467">
  <issue tracker="cve" id="2021-28831"/>
  <issue tracker="cve" id="2011-5325"/>
  <issue tracker="cve" id="2018-1000517"/>
  <issue tracker="cve" id="2018-1000500"/>
  <issue tracker="cve" id="2018-20679"/>
  <issue tracker="bnc" id="1099263">VUL-0: CVE-2018-1000500: busybox:  wget: Missing SSL certificate validation</issue>
  <issue tracker="bnc" id="1099260">VUL-0: CVE-2018-1000517:busybox:  Heap-based buffer overflow in the retrieve_file_data() function</issue>
  <issue tracker="bnc" id="951562">VUL-1: CVE-2011-5325: busybox: tar directory traversal</issue>
  <issue tracker="bnc" id="1184522">VUL-0: CVE-2021-28831: busybox: invalid free or segmentation fault via malformed gzip data</issue>
  <issue tracker="bnc" id="1121426">VUL-0: CVE-2018-20679: busybox: out of bounds read in udhcp</issue>
  <packager>eeich</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for busybox</summary>
  <description>This update for busybox fixes the following issues:

- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places