Information on source package busybox

Available versions

ReleaseVersion
wheezy1:1.20.0-7
jessie1:1.22.0-9+deb8u1
stretch1:1.22.0-19
buster1:1.27.2-1
sid1:1.27.2-1

Open issues

BugwheezyjessiestretchbustersidDescription
TEMP-0803097-A74121vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedbusybox: pointer misuse unziping files
CVE-2017-16544vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableIn the add_match function in libbb/lineedit.c in BusyBox through ...
CVE-2017-15874fixedfixedfixedvulnerablevulnerablearchival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an ...
CVE-2017-15873vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe get_next_block function in archival/libarchive/decompress_bunzip2.c ...
CVE-2016-2148vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedHeap-based buffer overflow in the DHCP client (udhcpc) in BusyBox ...
CVE-2016-2147vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedInteger overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 ...
CVE-2014-9645vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ...
CVE-2014-4607vulnerable (no DSA)fixedfixedfixedfixed
CVE-2013-1813vulnerable (no DSA)fixedfixedfixedfixedutil-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for ...
CVE-2011-5325vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedDirectory traversal vulnerability in the BusyBox implementation of tar ...

Open unimportant issues

BugwheezyjessiestretchbustersidDescription
CVE-2016-6301vulnerablevulnerablevulnerablefixedfixedThe recv_and_process_client_pkt function in networking/ntpd.c in ...

Resolved issues

BugDescription
CVE-2011-2716The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP ...
CVE-2010-0001Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ...
CVE-2006-5050Directory traversal vulnerability in httpd in Rob Landley BusyBox ...
CVE-2006-1058BusyBox 1.1.1 does not use a salt when generating passwords, which ...

Security announcements

DSA / DLADescription
DLA-337-1busybox - security update

Search for package or bug name: Reporting problems