Univention Bugzilla – Bug 53037
busybox: Multiple issues (4.4)
Last modified: 2021-04-14 12:06:14 CEST
New Debian busybox 1:1.22.0-19+deb9u2 fixes: This update addresses the following issue: * invalid free or segmentation fault via malformed gzip data (CVE-2021-28831)
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/busybox_1.22.0-19+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/busybox_1.22.0-19+deb9u2.dsc @@ -1,3 +1,11 @@ +1:1.22.0-19+deb9u2 [Thu, 01 Apr 2021 22:45:20 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2021-28831: + decompress_gunzip.c in BusyBox mishandled the error bit on + the huft_build result pointer, with a resultant invalid free or + segmentation fault, via malformed gzip data. + 1:1.22.0-19+deb9u1 [Mon, 15 Feb 2021 11:42:15 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/4.4-7/#8122716768349373273>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-7] 8e67428292 Bug #53037: busybox 1:1.22.0-19+deb9u2 doc/errata/staging/busybox.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.4-7] 8ef92895e7 Bug #53037: busybox 1:1.22.0-19+deb9u2 doc/errata/staging/busybox.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x948>