Release Info

Advisory: CLSA-2021:1638804058

OS: Ubuntu 16.04 ELS

Public date: 2021-12-06 00:00:00

Project: busybox

Version: 2:1.22.0-15ubuntu1.4+tuxcare.els2

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2021-1638804058.html

Changelog

* SECURITY UPDATE: use-after-free in concat op - debian/patches/CVE-awk-use-after-free.patch: second reference to a field reallocs/moves Fields[] array, but first ref still tries to use the element where it was before move. - CVE-2021-42378 - CVE-2021-42379 - CVE-2021-42380 - CVE-2021-42381 - CVE-2021-42382 - CVE-2021-42383 - CVE-2021-42384 - CVE-2021-42385 - CVE-2021-42386 - debian/patches/CVE-awk-printf-buffer-overflow.patch: printf buffer overflow. - No CVE assigned (but mentioned by upstream maintainer as important at http://lists.busybox.net/pipermail/busybox/2021-November/089328.html).

Update

Packages list

busybox_1.22.0-15ubuntu1.4+tuxcare.els2_amd64.deb busybox-initramfs_1.22.0-15ubuntu1.4+tuxcare.els2_amd64.deb busybox-static_1.22.0-15ubuntu1.4+tuxcare.els2_amd64.deb busybox-syslogd_1.22.0-15ubuntu1.4+tuxcare.els2_all.deb udhcpc_1.22.0-15ubuntu1.4+tuxcare.els2_amd64.deb udhcpd_1.22.0-15ubuntu1.4+tuxcare.els2_amd64.deb

CVEs

CVE-2021-42382
CVE-2021-42378
CVE-2021-42384
CVE-2021-42379
CVE-2021-42385
CVE-2021-42381
CVE-2021-42380
CVE-2021-42383
CVE-2021-42386