Errata ID | 441 |
---|---|
Date | 2018-08-15 |
Source package | busybox |
Fixed in version | 1:1.22.0-9+deb8u4 |
Description | This update addresses the following issues: Path traversal via crafted tar file containing symlink (CVE-2011-5325); Unprivileged arbitrary module load via basename abuse (CVE-2014-9645); Segmentation fault when unzipping specially crafted zip file (CVE-2015-9261); Out-of-bounds write (heap) due to integer underflow in udhcpc (CVE-2016-2147); Heap-based buffer overflow in OPTION_6RD parsing (CVE-2016-2148); Integer overflow in the get_next_block function (CVE-2017-15873); Insufficient sanitization of filenames when autocompleting (CVE-2017-16544); wget: Heap-based buffer overflow in the retrieve_file_data() function (CVE-2018-1000517) |
Additional notes | |
CVE ID | CVE-2011-5325, CVE-2014-9645, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517 |
UCS Bug number | #47519 |