Joined: 12 May 2004
|Posted: Tue Dec 03, 2013 5:26 am Post subject: [ GLSA 201312-02 ] BusyBox: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: BusyBox: Multiple vulnerabilities (GLSA 201312-02)
Date: December 03, 2013
Bug(s): #379857, #426504, #461372
Multiple vulnerabilities have been found in BusyBox, allowing
remote attackers to execute arbitrary code or cause a Denial of Service
BusyBox is set of tools for embedded systems and is a replacement for
Vulnerable: < 1.21.0
Unaffected: >= 1.21.0
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in BusyBox. Please review
the CVE identifiers referenced below for details.
A remote attacker could send a specially crafted DHCP request to
possibly execute arbitrary code or cause Denial of Service.
There is no known workaround at this time.
All BusyBox users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.21.0"