Format: 1.8 Date: Thu, 30 Nov 2017 09:01:18 -0500 Source: busybox Binary: busybox busybox-static busybox-initramfs busybox-udeb busybox-syslogd udhcpc udhcpd Architecture: s390x Version: 1:1.22.0-19ubuntu2.17.04.2 Distribution: zesty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: busybox - Tiny utilities for small and embedded systems busybox-initramfs - Standalone shell setup for initramfs busybox-static - Standalone rescue shell with tons of builtin utilities busybox-syslogd - Provides syslogd and klogd using busybox busybox-udeb - Tiny utilities for the debian-installer (udeb) udhcpc - Provides the busybox DHCP client implementation udhcpd - Provides the busybox DHCP server implementation Changes: busybox (1:1.22.0-19ubuntu2.17.04.2) zesty-security; urgency=medium . * SECURITY UPDATE: directory traversal via tar symlink extraction - debian/patches/CVE-2011-5325-1.patch: postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/tar.c, archival/tar_symlink_attack, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks unless env variable is set in archival/libarchive/Kbuild.src, archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests. - CVE-2011-5325 * SECURITY UPDATE: integer overflow in the DHCP client - debian/patches/CVE-2016-2147-1.patch: fix a SEGV on malformed RFC1035-encoded domain name in networking/udhcp/domain_codec.c. - debian/patches/CVE-2016-2147-2.patch: fix a warning in debug code in networking/udhcp/domain_codec.c. - CVE-2016-2147 * SECURITY UPDATE: heap-based buffer overflow in the DHCP client - debian/patches/CVE-2016-2148.patch: fix OPTION_6RD parsing in networking/udhcp/common.c, networking/udhcp/dhcpc.c. - CVE-2016-2148 * SECURITY UPDATE: integer overflow in get_next_block - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in archival/libarchive/decompress_bunzip2.c. - CVE-2017-15873 * SECURITY UPDATE: code execution in tab autocomplete feature - debian/patches/CVE-2017-16544.patch: check for control characters in libbb/lineedit.c. - CVE-2017-16544 * debian/rules: fix nocheck test so test suite gets run during build and set SKIP_INTERNET_TESTS=y. Checksums-Sha1: b239d7e0560dcfe31cc4508b65c8709ebb6660a3 936954 busybox-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb 20c3c408dfe0c250340f9147d4aaf283203661d8 508934 busybox-initramfs-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb 3c9b89d4ba9bea60037dd79a227ac38fc5389819 180142 busybox-initramfs_1.22.0-19ubuntu2.17.04.2_s390x.deb 3d4d7e076d97f9dbdaa52cf863607c393f890126 1078206 busybox-static-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb 2837ee74c38388cb9858dd1f369a32b7fb10fdac 787932 busybox-static_1.22.0-19ubuntu2.17.04.2_s390x.deb 481dd061771b2f7b6bf1f6aec6441e9654196b43 561404 busybox-udeb-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb fa93bbb3bc0d98053f97eab7ef46db08d2db4454 184188 busybox-udeb_1.22.0-19ubuntu2.17.04.2_s390x.udeb aacc004ca10f5276a3a5a63d03a3e5b18def396e 379340 busybox_1.22.0-19ubuntu2.17.04.2_s390x.deb 66b01720dade73ca523ff6ee0eb11bd7524e3b86 2874 udhcpc_1.22.0-19ubuntu2.17.04.2_s390x.deb 55f54c040bdbc9416b40b3a76da324d580f06145 5626 udhcpd_1.22.0-19ubuntu2.17.04.2_s390x.deb Checksums-Sha256: 9d9e9c6b0e89067e89f9e8df5a10485bf54391e511083e5a728ecc0ab412c207 936954 busybox-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb b3bd00297d169ca2e7e4716bc096a35e7f6351605beadfed8fe7579c44a8f2b2 508934 busybox-initramfs-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb 27c65d722cc9de620b94de4a7acd50a46f1d5189842525c5b10b4fedb3194f55 180142 busybox-initramfs_1.22.0-19ubuntu2.17.04.2_s390x.deb 5c40abc52fda8beea285289f2bb01b42bdf89021627cc00a30e14bd2847c918a 1078206 busybox-static-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb a9923575470d074a55aacee893963ca4e7f6db2d0d0191ed73765bfd7fb89c46 787932 busybox-static_1.22.0-19ubuntu2.17.04.2_s390x.deb 2b0647b6cab98b68773c7caafa3b1c29adfc1e63db4411796f8b2187ae57a6d1 561404 busybox-udeb-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb 13d99ded6dee9e8f25bfc36d610ad4bda3f4b0c6a3b56fd2d05268ddebaa7475 184188 busybox-udeb_1.22.0-19ubuntu2.17.04.2_s390x.udeb 6e818eb31b3b1d5533fa54d1abf6e4972627776c1c2093441f7e7641df7cc05a 379340 busybox_1.22.0-19ubuntu2.17.04.2_s390x.deb 7159f91f3642fe298cc139fb172bb70d60e5ca318f76f88b6d7c2533d1fbc1a5 2874 udhcpc_1.22.0-19ubuntu2.17.04.2_s390x.deb cd6ecf5f85d54918297b3ba385f52adf56a628b6e2d956227fe37a168e043251 5626 udhcpd_1.22.0-19ubuntu2.17.04.2_s390x.deb Files: b25e96db5d40ffc8853776b6741835f1 936954 utils extra busybox-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb 1648fbd47d33a3694e1a10bf7b95d865 508934 shells extra busybox-initramfs-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb 20f8e0d214b161dff2738dc4197ca6bd 180142 shells optional busybox-initramfs_1.22.0-19ubuntu2.17.04.2_s390x.deb 78e773d7f422a5ed9eb526d30506fe21 1078206 shells extra busybox-static-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb 36227d82816582262535debe642d4b0e 787932 shells extra busybox-static_1.22.0-19ubuntu2.17.04.2_s390x.deb 1b81f55683d688808d7d7ae8f4adbb9f 561404 debian-installer extra busybox-udeb-dbgsym_1.22.0-19ubuntu2.17.04.2_s390x.ddeb 62f8c50198c486b0741869b815f42131 184188 debian-installer extra busybox-udeb_1.22.0-19ubuntu2.17.04.2_s390x.udeb 7a4a5a83f2f08f141d0c92cebce7c9ce 379340 utils optional busybox_1.22.0-19ubuntu2.17.04.2_s390x.deb 6dea996b02f8ee3b03e5f788ecb23c71 2874 net optional udhcpc_1.22.0-19ubuntu2.17.04.2_s390x.deb d4cb77bce661bef4231c6660a08a1ac0 5626 net optional udhcpd_1.22.0-19ubuntu2.17.04.2_s390x.deb Original-Maintainer: Debian Install System Team