SUSE-SU-2022:4260-1

Details

This update for busybox fixes the following issues:

CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660).
Enable switch_root With this change virtme --force-initramfs works as expected.
Enable udhcpc

Update to 1.35.0:

awk: fix printf %%, fix read beyond end of buffer
Adjust busybox.config for new features in find, date and cpio
chrt: silence analyzer warning
libarchive: remove duplicate forward declaration
mount: 'mount -o rw ....' should not fall back to RO mount
ps: fix -o pid=PID,args interpreting entire 'PID,args' as header
tar: prevent malicious archives with long name sizes causing OOM
udhcpc6: fix udhcp_find_option to actually find DHCP6 options
xxd: fix -p -r
support for new optoins added to basename, cpio, date, find, mktemp, wget and others
Adjust busybox.config for new features in find, date and cpio

Affected Packages

busybox

SUSE Enterprise Storage 6SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

Fixed in:

1.35.0-150000.4.14.1

busybox-static

SUSE Enterprise Storage 6SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

Fixed in:

1.35.0-150000.4.14.1

References

REPORT

https://bugzilla.suse.com/1099260

REPORT

https://bugzilla.suse.com/914660

WEB

https://www.suse.com/security/cve/CVE-2014-9645

WEB

https://www.suse.com/security/cve/CVE-2018-1000517

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20224260-1/