Busybox Regression Update for Debian 7 Extended LTS

Debian 9890 Published by

The security update of busybox for Debian GNU/Linux 7 Extended LTS introduced a regression due to an incomplete fix for CVE-2015-9261



Package: busybox
Version: 1:1.20.0-7+deb7u2
Related CVE: CVE-2011-5325 CVE-2015-9261
The security update of busybox announced as ELA-20-1 introduced a regression due to an incomplete fix for CVE-2015-9261. It was no longer possible to decompress gzip archives which exceeded a certain file size.

It was also found that the patch to fix CVE-2011-5325, a symlinking attack, was too strict in case of cpio archives. This update restores the old behavior.

For Debian 7 Wheezy, these problems have been fixed in version 1:1.20.0-7+deb7u2.

We recommend that you upgrade your busybox packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
  Busybox Regression Update for Debian 7 Extended LTS

GnuPG Security Update for Ubuntu

Intel SSD 660p 1TB SSD Reviews and more

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...