[ubuntu/noble-security] busybox 1:1.36.1-6ubuntu3.1 (Accepted)

Emilia Torino emilia.torino at canonical.com
Wed Aug 14 18:14:33 UTC 2024


busybox (1:1.36.1-6ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: stack overflow in ash
    - debian/patches/CVE-2022-48174.patch: error out on number followed by
      another number or variable name in shell/math.c.
    - CVE-2022-48174
  * SECURITY UPDATE: use after free in awk
    - debian/patches/CVE-2023-42364.patch: fix precedence of = relative to ==
      in editors/awk.c.
    - debian/patches/fix-awk-assignment-precedence.patch: restore assignment
      precedence to be lower than ternary ?: in editors/awk.c.
    - CVE-2023-42364, CVE-2023-42365
  * SECURITY UPDATE: use after free in awk
    - debian/patches/CVE-2023-42363.patch: get L.s after R.v is evaluated in
      editors/awk.c.
    - CVE-2023-42363

Date: 2024-08-14 13:33:18.490244+00:00
Changed-By: Octavio Galland <octavio.galland at canonical.com>
Signed-By: Emilia Torino <emilia.torino at canonical.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.36.1-6ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the noble-changes mailing list