[ubuntu/bionic-proposed] busybox 1:1.27.2-1ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Nov 24 18:29:15 UTC 2017


busybox (1:1.27.2-1ubuntu4) bionic; urgency=medium

  * SECURITY UPDATE: directory traversal via tar symlink extraction
    - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
      unless env variable is set in archival/libarchive/Kbuild.src,
      archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
      testsuite/tar.tests.
    - CVE-2011-5325
  * SECURITY UPDATE: integer overflow in get_next_block
    - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
      archival/libarchive/decompress_bunzip2.c.
    - CVE-2017-15873
  * SECURITY UPDATE: integer underflow in unlzma
    - debian/patches/CVE-2017-15874.patch: add another check to
      archival/libarchive/decompress_unlzma.c.
    - CVE-2017-15874
  * SECURITY UPDATE: code execution in tab autocomplete feature
    - debian/patches/CVE-2017-16544.patch: check for control characters in
      libbb/lineedit.c.
    - CVE-2017-16544

Date: Fri, 24 Nov 2017 12:55:21 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.27.2-1ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Nov 2017 12:55:21 -0500
Source: busybox
Binary: busybox busybox-static busybox-initramfs busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source
Version: 1:1.27.2-1ubuntu4
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 busybox    - Tiny utilities for small and embedded systems
 busybox-initramfs - Standalone shell setup for initramfs
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Changes:
 busybox (1:1.27.2-1ubuntu4) bionic; urgency=medium
 .
   * SECURITY UPDATE: directory traversal via tar symlink extraction
     - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
       unless env variable is set in archival/libarchive/Kbuild.src,
       archival/libarchive/data_extract_all.c,
       archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
       coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
       testsuite/tar.tests.
     - CVE-2011-5325
   * SECURITY UPDATE: integer overflow in get_next_block
     - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
       archival/libarchive/decompress_bunzip2.c.
     - CVE-2017-15873
   * SECURITY UPDATE: integer underflow in unlzma
     - debian/patches/CVE-2017-15874.patch: add another check to
       archival/libarchive/decompress_unlzma.c.
     - CVE-2017-15874
   * SECURITY UPDATE: code execution in tab autocomplete feature
     - debian/patches/CVE-2017-16544.patch: check for control characters in
       libbb/lineedit.c.
     - CVE-2017-16544
Checksums-Sha1:
 cbd2af2379aa6d3024a47b8eabc91f095e4aa5ae 2389 busybox_1.27.2-1ubuntu4.dsc
 a65eca01e14e4ff646ea9dc1f709151f178fa02c 62540 busybox_1.27.2-1ubuntu4.debian.tar.xz
 83e567e9f582878f72ed63b6738eb840f734e982 5625 busybox_1.27.2-1ubuntu4_source.buildinfo
Checksums-Sha256:
 00f994c593d44eee95328fef01e9b53df3ad92a880831326b233ee8de4c41c82 2389 busybox_1.27.2-1ubuntu4.dsc
 28cfede4c428c7990fe850bcf32d1cc0d905eece324834ebbc6424db3a839dff 62540 busybox_1.27.2-1ubuntu4.debian.tar.xz
 131fe26fe7317c2a4fbe8827522a897dc90fa7f4cef90ec25e29ced173cd97ec 5625 busybox_1.27.2-1ubuntu4_source.buildinfo
Files:
 35e5f90023645c361037c62c594ddd81 2389 utils optional busybox_1.27.2-1ubuntu4.dsc
 dc4203cd1021ddbda6142786183453b4 62540 utils optional busybox_1.27.2-1ubuntu4.debian.tar.xz
 1dfa20f91478b1fd010918e108477049 5625 utils optional busybox_1.27.2-1ubuntu4_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot at lists.debian.org>
