| |||||||||||||||||||
Mageia alert MGASA-2012-0172 (busybox)
MGASA-2012-0172 Date: July 19th, 2012 Affected releases: 2 Description: Updated busybox packages fix security vulnerability: The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Red Hat Enterprise Linux by default, and no DHCP client script is provided with the busybox packages (CVE-2011-2716). Additionally, build issues with Linux kernel 3.3 have been fixed. Updated Packages: busybox-1.19.3-1.1.mga2 busybox-static-1.19.3-1.1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2716 https://rhn.redhat.com/errata/RHSA-2012-0810.html https://bugs.mageia.org/show_bug.cgi?id=6673 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||