Posted: Sun Dec 04, 2016 7:26 am Post subject: [ GLSA 201612-04 ] BusyBox
Gentoo Linux Security Advisory
Title: BusyBox: Multiple vulnerabilities (GLSA 201612-04)
Exploitable: local, remote
Date: December 04, 2016
Bug(s): #564246, #577610
Multiple vulnerabilities have been found in BusyBox, the worst of
which allows remote attackers to execute arbitrary code.
BusyBox is a set of tools for embedded systems and is a replacement for
Vulnerable: < 1.24.2
Unaffected: >= 1.24.2
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in BusyBox. Please review
the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time. However, on Gentoo, the
remote code execution vulnerability can be avoided if you don’t use
BusyBox’s udhcpc or if you build the package without the “ipv6” USE flag.
All BusyBox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.24.2"
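
A quick way to triage a host against the version boundary and the udhcpc condition given above, as an added example that is not part of the advisory. It assumes the version in the BusyBox banner matches the installed package version; the function names and sample banner are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a BusyBox build for GLSA 201612-04.
FIXED=1.24.2   # first unaffected version, per the advisory

# Extract "X.Y.Z" from a banner line such as
# "BusyBox v1.22.1 (2015-06-01 12:00:00 UTC) multi-call binary."
bb_version() {
    printf '%s\n' "$1" |
        sed -n 's/^BusyBox v\([0-9][0-9.]*[0-9]\).*/\1/p' | head -n 1
}

# Succeed (exit 0) when dotted version $1 is numerically lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "[.]"); m = split(b, y, "[.]")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# $1 = banner line, $2 = applet names, one per line.
# The "ipv6" USE flag cannot be read from either input, so it is not assessed.
glsa_verdict() {
    ver=$(bb_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif ! version_lt "$ver" "$FIXED"; then
        echo "unaffected"
    elif printf '%s\n' "$2" | grep -qx udhcpc; then
        echo "vulnerable, udhcpc applet present"
    else
        echo "vulnerable, no udhcpc applet"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Inspect the busybox binary found on PATH.
    glsa_verdict "$(busybox 2>&1 | head -n 1)" "$(busybox --list 2>/dev/null)"
else
    # Constructed sample input, not taken from a real host.
    sample_banner='BusyBox v1.22.1 (2015-06-01 12:00:00 UTC) multi-call binary.'
    glsa_verdict "$sample_banner" "$(printf 'ls\nudhcpc\nvi')"
fi
```

A "vulnerable, no udhcpc applet" result still calls for the upgrade, since the advisory ties only the remote code execution issue to udhcpc.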