File _patchinfo of Package patchinfo.26890

<patchinfo incident="26890">
  <issue tracker="cve" id="2022-30065"/>
  <issue tracker="cve" id="2014-9645"/>
  <issue tracker="bnc" id="914660">VUL-0: CVE-2014-9645: busybox: strips of / in module names that can lead to loading unwanted modules</issue>
  <issue tracker="bnc" id="1199744">VUL-0: CVE-2022-30065: busybox: use-after-free in the AWK applet</issue>
  <packager>radolin</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for busybox</summary>
  <description>This update for busybox fixes the following issues:

- CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744). 
- CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660).

- Update to 1.35.0 also introduced:
  - awk: fix printf %%, fix read beyond end of buffer
  - chrt: silence analyzer warning
  - libarchive: remove duplicate forward declaration
  - mount: "mount -o rw ...." should not fall back to RO mount
  - ps: fix -o pid=PID,args interpreting entire "PID,args" as header
  - tar: prevent malicious archives with long name sizes causing OOM
  - udhcpc6: fix udhcp_find_option to actually find DHCP6 options
  - xxd: fix -p -r
  - support for new options added to basename, cpio, date, find,
    mktemp, wget and others
</description>
</patchinfo>