busybox 1:1.21.0-1ubuntu1.4 source package in Ubuntu

Changelog

busybox (1:1.21.0-1ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: directory traversal via tar symlink extraction
    - debian/patches/CVE-2011-5325-1.patch: postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/tar.c, archival/tar_symlink_attack, include/bb_archive.h,
      testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
      unless env variable is set in archival/libarchive/Kbuild.src,
      archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
      the same way tar/unzip does in archival/cpio.c.
    - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
      archival/libarchive/get_header_ar.c.
    - CVE-2011-5325
  * SECURITY UPDATE: kernel module loading restrictions bypass
    - debian/patches/CVE-2014-9645.patch: reject module names with slashes
      in modutils/modprobe.c.
    - CVE-2014-9645
  * SECURITY UPDATE: integer overflow in the DHCP client
    - debian/patches/CVE-2016-2147-1.patch: fix a SEGV on malformed
      RFC1035-encoded domain name in networking/udhcp/domain_codec.c.
    - debian/patches/CVE-2016-2147-2.patch: fix a warning in debug code in
      networking/udhcp/domain_codec.c.
    - CVE-2016-2147
  * SECURITY UPDATE: heap-based buffer overflow in the DHCP client
    - debian/patches/CVE-2016-2148.patch: fix OPTION_6RD parsing in
      networking/udhcp/common.c, networking/udhcp/dhcpc.c.
    - CVE-2016-2148
  * SECURITY UPDATE: integer overflow in get_next_block
    - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
      archival/libarchive/decompress_bunzip2.c.
    - CVE-2017-15873
  * SECURITY UPDATE: code execution in tab autocomplete feature
    - debian/patches/CVE-2017-16544.patch: check for control characters in
      libbb/lineedit.c.
    - CVE-2017-16544
  * SECURITY UPDATE: DoS in unzip operations
    - debian/patches/CVE-2015-9261-1.patch: test for a bad archive in
      archival/libarchive/decompress_gunzip.c, added test in
      testsuite/unzip.tests.
    - debian/patches/CVE-2015-9261-2.patch: further fix decompression code
      in archival/libarchive/decompress_gunzip.c, testsuite/unzip.tests.
    - CVE-2015-9261
  * SECURITY UPDATE: buffer overflow in wget
    - debian/patches/CVE-2018-1000517.patch: check chunk length in
      networking/wget.c.
    - CVE-2018-1000517
  * SECURITY UPDATE: out-of-bounds read in udhcp
    - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
      indeed 4-byte in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
    - CVE-2018-20679
  * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
    - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
      it is 4 bytes long in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c.
    - CVE-2019-5747

 -- Marc Deslauriers <email address hidden>  Wed, 27 Mar 2019 12:49:34 -0400

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Trusty
Original maintainer: Ubuntu Developers
Architectures: any all
Section: utils
Urgency: Medium Urgency

Publishing

Series  Pocket    Published  Component  Section
Trusty  updates              main       misc
Trusty  security             main       misc

Downloads

File                                      Size      SHA-256 Checksum
busybox_1.21.0.orig.tar.bz2               2.1 MiB   eb9d268627783297f5f459cb9bd61a94e395dc7cb3647e10ec186e0159aa36ed
busybox_1.21.0-1ubuntu1.4.debian.tar.gz   85.2 KiB  e3bec1b48a353370985c660e0684bf17e9d5bb67a085d04908a5b40aff32f282
busybox_1.21.0-1ubuntu1.4.dsc             2.3 KiB   953180efaf3b40f5fb143bd392e3f50106385ce43165f6733323f5058d2cdc18

Binary packages built by this source

busybox: Tiny utilities for small and embedded systems

 BusyBox combines tiny versions of many common UNIX utilities into a single
 small executable. It provides minimalist replacements for the most common
 utilities you would usually find on your desktop system (e.g., ls, cp, mv,
 mount, tar, etc.). The utilities in BusyBox generally have fewer options than
 their full-featured GNU cousins; however, the options that are included
 provide the expected functionality and behave very much like their GNU
 counterparts.
 .
 This package installs the BusyBox binary but does not install
 symlinks for any of the supported utilities. Some of the utilities
 can be used in the system by installing the busybox-syslogd,
 busybox-udhcpc or busybox-udhcpd packages.

busybox-dbgsym: debug symbols for package busybox

busybox-initramfs: Standalone shell setup for initramfs

 busybox-initramfs provides a simple stand alone shell that provides
 only the basic utilities needed for the initramfs.

busybox-initramfs-dbgsym: debug symbols for package busybox-initramfs

busybox-static: Standalone rescue shell with tons of builtin utilities

 busybox-static provides you with a statically linked simple stand alone shell
 that provides all the utilities available in BusyBox. This package is
 intended to be used as a rescue shell, in the event that you screw up your
 system. Invoke "busybox sh" and you have a standalone shell ready to save
 your system from certain destruction. Invoke "busybox", and it will list the
 available builtin commands.

busybox-static-dbgsym: debug symbols for package busybox-static

busybox-syslogd: Provides syslogd and klogd using busybox

 The system log daemon is responsible for providing logging of
 messages received from programs and facilities on the local host as
 well as from remote hosts.
 .
 The kernel log daemon listens to kernel message sources and is
 responsible for prioritizing and processing operating system
 messages.
 .
 The busybox implementation of syslogd is particularly useful on
 embedded, diskless (netboot) or flash-disk-based systems because it
 can use a fixed-size ring buffer for logging instead of saving logs
 to the disk or sending them to remote logging servers. The ring buffer
 can be read using the (also busybox-based) command logread.
 .
 This package provides the glue to the busybox syslogd and klogd to be
 used in the system by providing the appropriate symbolic links and
 scripts.

busybox-udeb: Tiny utilities for the debian-installer

 busybox-udeb is used by the debian-installer, so unless you are working on
 the debian-installer, this package is not for you. Installing this
 on your Debian system is a very, very bad idea. You have been warned.

busybox-udeb-dbgsym: debug symbols for package busybox-udeb

udhcpc: Provides the busybox DHCP client implementation

 Busybox contains a very small yet fully functional, RFC-compliant DHCP
 client formerly known as udhcpc.
 .
 This package contains the glue to use the busybox udhcpc as DHCP
 client in the system by providing the appropriate symbolic links and
 scripts.

udhcpd: Provides the busybox DHCP server implementation

 Busybox contains a very small yet fully functional, RFC-compliant DHCP
 server formerly known as udhcpd.
 .
 This package contains the glue to use the busybox udhcpd as DHCP
 server in the system by providing the appropriate symbolic links and
 scripts.