[ubuntu/bionic-security] busybox 1:1.27.2-2ubuntu3.2 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Apr 3 11:44:01 UTC 2019

busybox (1:1.27.2-2ubuntu3.2) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in wget
    - debian/patches/CVE-2018-1000517.patch: check chunk length in
    - CVE-2018-1000517
  * SECURITY UPDATE: out-of-bounds read in udhcp
    - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
      indeed 4-byte in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
    - CVE-2018-20679
  * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
    - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
      it is 4 bytes long in networking/udhcp/common.*,
    - CVE-2019-5747

Date: 2019-03-07 15:02:43.886411+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list