busybox 1:1.27.2-1ubuntu4 source package in Ubuntu

Changelog

busybox (1:1.27.2-1ubuntu4) bionic; urgency=medium

  * SECURITY UPDATE: directory traversal via tar symlink extraction
    - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
      unless env variable is set in archival/libarchive/Kbuild.src,
      archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
      testsuite/tar.tests.
    - CVE-2011-5325
  * SECURITY UPDATE: integer overflow in get_next_block
    - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
      archival/libarchive/decompress_bunzip2.c.
    - CVE-2017-15873
  * SECURITY UPDATE: integer underflow in unlzma
    - debian/patches/CVE-2017-15874.patch: add another check to
      archival/libarchive/decompress_unlzma.c.
    - CVE-2017-15874
  * SECURITY UPDATE: code execution in tab autocomplete feature
    - debian/patches/CVE-2017-16544.patch: check for control characters in
      libbb/lineedit.c.
    - CVE-2017-16544

 -- Marc Deslauriers <email address hidden>  Fri, 24 Nov 2017 12:55:21 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
misc
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
busybox_1.27.2.orig.tar.bz2 2.1 MiB 9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df
busybox_1.27.2-1ubuntu4.debian.tar.xz 61.1 KiB 28cfede4c428c7990fe850bcf32d1cc0d905eece324834ebbc6424db3a839dff
busybox_1.27.2-1ubuntu4.dsc 2.3 KiB 00f994c593d44eee95328fef01e9b53df3ad92a880831326b233ee8de4c41c82

View changes file

Binary packages built by this source

busybox: Tiny utilities for small and embedded systems

 BusyBox combines tiny versions of many common UNIX utilities into a single
 small executable. It provides minimalist replacements for the most common
 utilities you would usually find on your desktop system (i.e., ls, cp, mv,
 mount, tar, etc.). The utilities in BusyBox generally have fewer options than
 their full-featured GNU cousins; however, the options that are included
 provide the expected functionality and behave very much like their GNU
 counterparts.
 .
 This package installs the BusyBox binary but does not install
 symlinks for any of the supported utilities. Some of the utilities
 can be used in the system by installing the busybox-syslogd,
 busybox-udhcpc or busybox-udhcpd packages.

busybox-dbgsym: debug symbols for busybox
busybox-initramfs: Standalone shell setup for initramfs

 BusyBox combines tiny versions of many common UNIX utilities into a single
 small executable. It provides minimalist replacements for the most common
 utilities you would usually find on your desktop system (i.e., ls, cp, mv,
 mount, tar, etc.). The utilities in BusyBox generally have fewer options than
 their full-featured GNU cousins; however, the options that are included
 provide the expected functionality and behave very much like their GNU
 counterparts.
 .
 busybox-initramfs provides a simple stand alone shell that provides
 only the basic utilities needed for the initramfs.

busybox-initramfs-dbgsym: debug symbols for busybox-initramfs
busybox-static: Standalone rescue shell with tons of builtin utilities

 BusyBox combines tiny versions of many common UNIX utilities into a single
 small executable. It provides minimalist replacements for the most common
 utilities you would usually find on your desktop system (i.e., ls, cp, mv,
 mount, tar, etc.). The utilities in BusyBox generally have fewer options than
 their full-featured GNU cousins; however, the options that are included
 provide the expected functionality and behave very much like their GNU
 counterparts.
 .
 busybox-static provides you with a statically linked simple stand alone shell
 that provides all the utilities available in BusyBox. This package is
 intended to be used as a rescue shell, in the event that you screw up your
 system. Invoke "busybox sh" and you have a standalone shell ready to save
 your system from certain destruction. Invoke "busybox", and it will list the
 available builtin commands.

busybox-static-dbgsym: debug symbols for busybox-static
busybox-syslogd: Provides syslogd and klogd using busybox

 The system log daemon is responsible for providing logging of
 messages received from programs and facilities on the local host as
 well as from remote hosts.
 .
 The kernel log daemon listens to kernel message sources and is
 responsible for prioritizing and processing operating system
 messages.
 .
 The busybox implementation of the syslogd is particular useful on
 embedded, diskless (netboot) or flash disk based systems because it
 can use a fixed size ring buffer for logging instead of saving logs
 to the disk or sending it to remote logging servers. The ring buffer
 can be read using the (also busybox based) command logread.
 .
 This package provides the glue to the busybox syslogd and klogd to be
 used in the system by providing the appropriate symbolic links and
 scripts.

busybox-udeb: Tiny utilities for the debian-installer

 BusyBox combines tiny versions of many common UNIX utilities into a single
 small executable. It provides minimalist replacements for the most common
 utilities you would usually find on your desktop system (i.e., ls, cp, mv,
 mount, tar, etc.). The utilities in BusyBox generally have fewer options than
 their full-featured GNU cousins; however, the options that are included
 provide the expected functionality and behave very much like their GNU
 counterparts.
 .
 busybox-udeb is used by the debian-installer, so unless you are working on
 the debian-installer, this package is not for you. Installing this
 on your Debian system is a very, very bad idea. You have been warned.

udhcpc: Provides the busybox DHCP client implementation

 Busybox contains a very small yet fully functional RFC compliant DHCP
 client formerly known as udhcpc.
 .
 This package contains the glue to use the busybox udhcpc as DHCP
 client in the system by providing the appropriate symbolic links and
 scripts.

udhcpd: Provides the busybox DHCP server implementation

 Busybox contains a very small yet fully function RFC compliant DHCP
 server formerly known as udhcpd.
 .
 This package contains the glue to use the busybox udhcpd as DHCP
 server in the system by providing the appropriate symbolic links and
 scripts.