Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-5325 (GCVE-0-2011-5325)
Vulnerability from cvelistv5 – Published: 2017-08-07 17:00 – Updated: 2024-08-07 00:30
VLAI?
EPSS
Summary
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2015/10/21/7 | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1274215 | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/3935-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://seclists.org/fulldisclosure/2019/Jun/18 | mailing-listx_refsource_FULLDISC |
| https://seclists.org/bugtraq/2019/Jun/14 | mailing-listx_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/153278/WAGO-… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2020/Aug/20 | mailing-listx_refsource_FULLDISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Date Public ?
2011-01-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:47.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151021 Re: CVE Request: BusyBox tar directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/21/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"name": "USN-3935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T13:06:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20151021 Re: CVE Request: BusyBox tar directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/21/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"name": "USN-3935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151021 Re: CVE Request: BusyBox tar directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/21/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"name": "USN-3935-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5325",
"datePublished": "2017-08-07T17:00:00.000Z",
"dateReserved": "2015-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:30:47.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2011-5325",
"date": "2026-05-19",
"epss": "0.03772",
"percentile": "0.8818"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.21.1\", \"matchCriteriaId\": \"D45EC56E-100F-4476-920D-97CA409D55B7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de salto de directorio en la implementaci\\u00f3n de tar en BusyBox en versiones anteriores a 1.22.0 v5 permite que atacantes remotos apunten a archivos situados fuera del actual directorio de trabajo a trav\\u00e9s de un symlink.\"}]",
"id": "CVE-2011-5325",
"lastModified": "2024-11-21T01:34:09.220",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-08-07T17:29:00.220",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Jun/18\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Aug/20\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/10/21/7\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1274215\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/14\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3935-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Jun/18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Aug/20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/10/21/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1274215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3935-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-5325\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-08-07T17:29:00.220\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de salto de directorio en la implementaci\u00f3n de tar en BusyBox en versiones anteriores a 1.22.0 v5 permite que atacantes remotos apunten a archivos situados fuera del actual directorio de trabajo a trav\u00e9s de un symlink.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.21.1\",\"matchCriteriaId\":\"D45EC56E-100F-4476-920D-97CA409D55B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/18\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Aug/20\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/21/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1274215\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3935-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Aug/20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/21/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1274215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3935-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
BDU:2021-03339
Vulnerability from fstec - Published: 04.01.2011
VLAI Severity ?
Title
Уязвимость набора UNIX-утилит командной строки BusyBox, связанная с некорректным ограничением имени пути к каталогу, позволяющая нарушителю оказать воздействие на целостность данных
Description
Уязвимость набора UNIX-утилит командной строки BusyBox связана с некорректным ограничением имени пути к каталогу. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, оказать воздействие на целостность данных с помощью символической ссылки
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), BusyBox, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), до 1.21.1 включительно (BusyBox), до 2.4.3 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для BusyBox:
использование рекомендаций производителя: https://bugs.busybox.net/show_bug.cgi?id=8411
Для ОС Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2011-5325
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
Для ОСОН Основа:
Обновление программного обеспечения busybox до версии 1:1.30.1-7ubuntu3osnova4
Для ОС ОН «Стрелец»:
Обновление программного обеспечения busybox до версии 1:1.22.0-19+deb9u2.osnova4
Reference
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
https://bugs.busybox.net/show_bug.cgi?id=8411
https://git.busybox.net/busybox/commit/?id=a116552869db5e7793ae10968eb3c962c69b3d8c
https://nvd.nist.gov/vuln/detail/CVE-2011-5325
https://security-tracker.debian.org/tracker/CVE-2011-5325
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://www.openwall.com/lists/oss-security/2015/10/21/4
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.3/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
CWE
CWE-22
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 1.21.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BusyBox), \u0434\u043e 2.4.3 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f BusyBox:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://bugs.busybox.net/show_bug.cgi?id=8411\n\n\u0414\u043b\u044f \u041e\u0421 Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2011-5325\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f busybox \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:1.30.1-7ubuntu3osnova4\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f busybox \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:1.22.0-19+deb9u2.osnova4\n\n",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "04.01.2011",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.07.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03339",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2011-5325",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), BusyBox, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0431\u043e\u0440\u0430 UNIX-\u0443\u0442\u0438\u043b\u0438\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 BusyBox, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0431\u043e\u0440\u0430 UNIX-\u0443\u0442\u0438\u043b\u0438\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 BusyBox \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u0438\u043c\u0432\u043e\u043b\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0441\u044b\u043b\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\nhttps://bugs.busybox.net/show_bug.cgi?id=8411\nhttps://git.busybox.net/busybox/commit/?id=a116552869db5e7793ae10968eb3c962c69b3d8c\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-5325\nhttps://security-tracker.debian.org/tracker/CVE-2011-5325\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://www.openwall.com/lists/oss-security/2015/10/21/4\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.3/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CNVD-2017-28259
Vulnerability from cnvd - Published: 2017-09-26
VLAI Severity ?
Title
BusyBox路径遍历漏洞
Description
BusyBox是由软件开发者Denys Viasenko开发维护的一个UNIX程序实用包。BusyBox implementation of tar是其中的一个tar(文件备份)命令的实现。
BusyBox implementation of tar存在路径遍历漏洞。远程攻击者可通过符号链接攻击利用该漏洞读取任意文件。
Severity
中
Patch Name
BusyBox路径遍历漏洞的补丁
Patch Description
BusyBox是由软件开发者Denys Viasenko开发维护的一个UNIX程序实用包。BusyBox implementation of tar是其中的一个tar(文件备份)命令的实现。
BusyBox implementation of tar存在路径遍历漏洞。远程攻击者可通过符号链接攻击利用该漏洞读取任意文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://bugs.busybox.net/show_bug.cgi?id=8411
Reference
http://www.openwall.com/lists/oss-security/2015/10/21/7
Impacted products
| Name | BusyBox BusyBox <1.22.0 v5 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2011-5325"
}
},
"description": "BusyBox\u662f\u7531\u8f6f\u4ef6\u5f00\u53d1\u8005Denys Viasenko\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u4e2aUNIX\u7a0b\u5e8f\u5b9e\u7528\u5305\u3002BusyBox implementation of tar\u662f\u5176\u4e2d\u7684\u4e00\u4e2atar\uff08\u6587\u4ef6\u5907\u4efd\uff09\u547d\u4ee4\u7684\u5b9e\u73b0\u3002\r\n\r\nBusyBox implementation of tar\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
"discovererName": "unknwon",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bugs.busybox.net/show_bug.cgi?id=8411",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-28259",
"openTime": "2017-09-26",
"patchDescription": "BusyBox\u662f\u7531\u8f6f\u4ef6\u5f00\u53d1\u8005Denys Viasenko\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u4e2aUNIX\u7a0b\u5e8f\u5b9e\u7528\u5305\u3002BusyBox implementation of tar\u662f\u5176\u4e2d\u7684\u4e00\u4e2atar\uff08\u6587\u4ef6\u5907\u4efd\uff09\u547d\u4ee4\u7684\u5b9e\u73b0\u3002\r\n\r\nBusyBox implementation of tar\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "BusyBox\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "BusyBox BusyBox \u003c1.22.0 v5"
},
"referenceLink": "http://www.openwall.com/lists/oss-security/2015/10/21/7",
"serverity": "\u4e2d",
"submitTime": "2017-08-11",
"title": "BusyBox\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}
FKIE_CVE-2011-5325
Vulnerability from fkie_nvd - Published: 2017-08-07 17:29 - Updated: 2026-05-13 00:24
Severity ?
Summary
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| busybox | busybox | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D45EC56E-100F-4476-920D-97CA409D55B7",
"versionEndIncluding": "1.21.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en la implementaci\u00f3n de tar en BusyBox en versiones anteriores a 1.22.0 v5 permite que atacantes remotos apunten a archivos situados fuera del actual directorio de trabajo a trav\u00e9s de un symlink."
}
],
"id": "CVE-2011-5325",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T17:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/21/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/21/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3935-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-28CM-W7C9-P27F
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-04-20 03:42
VLAI?
Details
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2011-5325"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-07T17:29:00Z",
"severity": "HIGH"
},
"details": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",
"id": "GHSA-28cm-w7c9-p27f",
"modified": "2025-04-20T03:42:19Z",
"published": "2022-05-13T01:11:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5325"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3935-1"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/10/21/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2011-5325
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-5325",
"description": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",
"id": "GSD-2011-5325",
"references": [
"https://www.suse.com/security/cve/CVE-2011-5325.html",
"https://ubuntu.com/security/CVE-2011-5325",
"https://packetstormsecurity.com/files/cve/CVE-2011-5325"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-5325"
],
"details": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",
"id": "GSD-2011-5325",
"modified": "2023-12-13T01:19:09.053451Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151021 Re: CVE Request: BusyBox tar directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/21/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"name": "USN-3935-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.21.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5325"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274215"
},
{
"name": "[oss-security] 20151021 Re: CVE Request: BusyBox tar directory traversal",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/21/7"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"name": "USN-3935-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "FULLDISC",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "BUGTRAQ",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"refsource": "FULLDISC",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-02-19T15:57Z",
"publishedDate": "2017-08-07T17:29Z"
}
}
}
OPENSUSE-SU-2021:1408-1
Vulnerability from csaf_opensuse - Published: 2021-10-31 14:53 - Updated: 2021-10-31 14:53Summary
Security update for busybox
Severity
Important
Notes
Title of the patch: Security update for busybox
Description of the patch: This update for busybox fixes the following issues:
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2021-1408
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for busybox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for busybox fixes the following issues:\n\n- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).\n- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).\n- CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260).\n- CVE-2011-5325: Fixed a directory traversal related to \u0027tar\u0027 command (bsc#951562).\n- CVE-2018-1000500: Fixed missing SSL certificate validation related to the \u0027wget\u0027 command (bsc#1099263).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1408",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1408-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1408-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LTZHQ6OAWXY23IUCNO7X25C5CHHCWLOM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1408-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LTZHQ6OAWXY23IUCNO7X25C5CHHCWLOM/"
},
{
"category": "self",
"summary": "SUSE Bug 1099260",
"url": "https://bugzilla.suse.com/1099260"
},
{
"category": "self",
"summary": "SUSE Bug 1099263",
"url": "https://bugzilla.suse.com/1099263"
},
{
"category": "self",
"summary": "SUSE Bug 1121426",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "self",
"summary": "SUSE Bug 1184522",
"url": "https://bugzilla.suse.com/1184522"
},
{
"category": "self",
"summary": "SUSE Bug 951562",
"url": "https://bugzilla.suse.com/951562"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-5325 page",
"url": "https://www.suse.com/security/cve/CVE-2011-5325/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000517 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20679 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28831 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28831/"
}
],
"title": "Security update for busybox",
"tracking": {
"current_release_date": "2021-10-31T14:53:16Z",
"generator": {
"date": "2021-10-31T14:53:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1408-1",
"initial_release_date": "2021-10-31T14:53:16Z",
"revision_history": [
{
"date": "2021-10-31T14:53:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-lp152.5.3.1.i586",
"product": {
"name": "busybox-1.26.2-lp152.5.3.1.i586",
"product_id": "busybox-1.26.2-lp152.5.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-lp152.5.3.1.x86_64",
"product": {
"name": "busybox-1.26.2-lp152.5.3.1.x86_64",
"product_id": "busybox-1.26.2-lp152.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-lp152.5.3.1.x86_64",
"product": {
"name": "busybox-static-1.26.2-lp152.5.3.1.x86_64",
"product_id": "busybox-static-1.26.2-lp152.5.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-lp152.5.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586"
},
"product_reference": "busybox-1.26.2-lp152.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64"
},
"product_reference": "busybox-1.26.2-lp152.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-lp152.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-5325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-5325"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-5325",
"url": "https://www.suse.com/security/cve/CVE-2011-5325"
},
{
"category": "external",
"summary": "SUSE Bug 951562 for CVE-2011-5325",
"url": "https://bugzilla.suse.com/951562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-31T14:53:16Z",
"details": "moderate"
}
],
"title": "CVE-2011-5325"
},
{
"cve": "CVE-2018-1000500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000500"
}
],
"notes": [
{
"category": "general",
"text": "Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000500",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500"
},
{
"category": "external",
"summary": "SUSE Bug 1099263 for CVE-2018-1000500",
"url": "https://bugzilla.suse.com/1099263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-31T14:53:16Z",
"details": "important"
}
],
"title": "CVE-2018-1000500"
},
{
"cve": "CVE-2018-1000517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000517"
}
],
"notes": [
{
"category": "general",
"text": "BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000517",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517"
},
{
"category": "external",
"summary": "SUSE Bug 1099260 for CVE-2018-1000517",
"url": "https://bugzilla.suse.com/1099260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-31T14:53:16Z",
"details": "important"
}
],
"title": "CVE-2018-1000517"
},
{
"cve": "CVE-2018-20679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20679"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20679",
"url": "https://www.suse.com/security/cve/CVE-2018-20679"
},
{
"category": "external",
"summary": "SUSE Bug 1121426 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "external",
"summary": "SUSE Bug 1121428 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-31T14:53:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-20679"
},
{
"cve": "CVE-2021-28831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28831"
}
],
"notes": [
{
"category": "general",
"text": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28831",
"url": "https://www.suse.com/security/cve/CVE-2021-28831"
},
{
"category": "external",
"summary": "SUSE Bug 1184522 for CVE-2021-28831",
"url": "https://bugzilla.suse.com/1184522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.i586",
"openSUSE Leap 15.2:busybox-1.26.2-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:busybox-static-1.26.2-lp152.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-31T14:53:16Z",
"details": "important"
}
],
"title": "CVE-2021-28831"
}
]
}
OPENSUSE-SU-2021:3531-1
Vulnerability from csaf_opensuse - Published: 2021-10-27 08:07 - Updated: 2021-10-27 08:07Summary
Security update for busybox
Severity
Important
Notes
Title of the patch: Security update for busybox
Description of the patch: This update for busybox fixes the following issues:
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263).
Patchnames: openSUSE-SLE-15.3-2021-3531
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for busybox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for busybox fixes the following issues:\n\n- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).\n- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).\n- CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260).\n- CVE-2011-5325: Fixed a directory traversal related to \u0027tar\u0027 command (bsc#951562).\n- CVE-2018-1000500: Fixed missing SSL certificate validation related to the \u0027wget\u0027 command (bsc#1099263).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-3531",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_3531-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:3531-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXGVAQ34C33F4R3O65TKB73FYUDCIM6B/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:3531-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXGVAQ34C33F4R3O65TKB73FYUDCIM6B/"
},
{
"category": "self",
"summary": "SUSE Bug 1099260",
"url": "https://bugzilla.suse.com/1099260"
},
{
"category": "self",
"summary": "SUSE Bug 1099263",
"url": "https://bugzilla.suse.com/1099263"
},
{
"category": "self",
"summary": "SUSE Bug 1121426",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "self",
"summary": "SUSE Bug 1184522",
"url": "https://bugzilla.suse.com/1184522"
},
{
"category": "self",
"summary": "SUSE Bug 951562",
"url": "https://bugzilla.suse.com/951562"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-5325 page",
"url": "https://www.suse.com/security/cve/CVE-2011-5325/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000517 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20679 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28831 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28831/"
}
],
"title": "Security update for busybox",
"tracking": {
"current_release_date": "2021-10-27T08:07:47Z",
"generator": {
"date": "2021-10-27T08:07:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:3531-1",
"initial_release_date": "2021-10-27T08:07:47Z",
"revision_history": [
{
"date": "2021-10-27T08:07:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-4.5.1.aarch64",
"product": {
"name": "busybox-1.26.2-4.5.1.aarch64",
"product_id": "busybox-1.26.2-4.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-4.5.1.aarch64",
"product": {
"name": "busybox-static-1.26.2-4.5.1.aarch64",
"product_id": "busybox-static-1.26.2-4.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-4.5.1.ppc64le",
"product": {
"name": "busybox-1.26.2-4.5.1.ppc64le",
"product_id": "busybox-1.26.2-4.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-4.5.1.ppc64le",
"product": {
"name": "busybox-static-1.26.2-4.5.1.ppc64le",
"product_id": "busybox-static-1.26.2-4.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-4.5.1.s390x",
"product": {
"name": "busybox-1.26.2-4.5.1.s390x",
"product_id": "busybox-1.26.2-4.5.1.s390x"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-4.5.1.s390x",
"product": {
"name": "busybox-static-1.26.2-4.5.1.s390x",
"product_id": "busybox-static-1.26.2-4.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-4.5.1.x86_64",
"product": {
"name": "busybox-1.26.2-4.5.1.x86_64",
"product_id": "busybox-1.26.2-4.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-4.5.1.x86_64",
"product": {
"name": "busybox-static-1.26.2-4.5.1.x86_64",
"product_id": "busybox-static-1.26.2-4.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x"
},
"product_reference": "busybox-1.26.2-4.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-static-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x"
},
"product_reference": "busybox-static-1.26.2-4.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-5325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-5325"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-5325",
"url": "https://www.suse.com/security/cve/CVE-2011-5325"
},
{
"category": "external",
"summary": "SUSE Bug 951562 for CVE-2011-5325",
"url": "https://bugzilla.suse.com/951562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:07:47Z",
"details": "moderate"
}
],
"title": "CVE-2011-5325"
},
{
"cve": "CVE-2018-1000500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000500"
}
],
"notes": [
{
"category": "general",
"text": "Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000500",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500"
},
{
"category": "external",
"summary": "SUSE Bug 1099263 for CVE-2018-1000500",
"url": "https://bugzilla.suse.com/1099263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:07:47Z",
"details": "important"
}
],
"title": "CVE-2018-1000500"
},
{
"cve": "CVE-2018-1000517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000517"
}
],
"notes": [
{
"category": "general",
"text": "BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000517",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517"
},
{
"category": "external",
"summary": "SUSE Bug 1099260 for CVE-2018-1000517",
"url": "https://bugzilla.suse.com/1099260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:07:47Z",
"details": "important"
}
],
"title": "CVE-2018-1000517"
},
{
"cve": "CVE-2018-20679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20679"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20679",
"url": "https://www.suse.com/security/cve/CVE-2018-20679"
},
{
"category": "external",
"summary": "SUSE Bug 1121426 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "external",
"summary": "SUSE Bug 1121428 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:07:47Z",
"details": "moderate"
}
],
"title": "CVE-2018-20679"
},
{
"cve": "CVE-2021-28831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28831"
}
],
"notes": [
{
"category": "general",
"text": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28831",
"url": "https://www.suse.com/security/cve/CVE-2021-28831"
},
{
"category": "external",
"summary": "SUSE Bug 1184522 for CVE-2021-28831",
"url": "https://bugzilla.suse.com/1184522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-1.26.2-4.5.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:07:47Z",
"details": "important"
}
],
"title": "CVE-2021-28831"
}
]
}
OPENSUSE-SU-2022:0135-1
Vulnerability from csaf_opensuse - Published: 2022-01-20 09:04 - Updated: 2022-01-20 09:04Summary
Security update for busybox
Severity
Important
Notes
Title of the patch: Security update for busybox
Description of the patch: This update for busybox fixes the following issues:
- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2015-9261: Fixed segfalts and application crashes in huft_build (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer underflow in archival/libarchive/decompress_unlzma.c (bsc#1064978).
- CVE-2017-16544: Fixed Insufficient sanitization of filenames when autocompleting (bsc#1069412).
- CVE-2018-1000500 : Fixed missing SSL certificate validation in wget (bsc#1099263).
- CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428).
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2021-42373: Fixed NULL pointer dereference in man leading to DoS when a section name is supplied but no page argument is given (bsc#1192869).
- CVE-2021-42374: Fixed out-of-bounds heap read in unlzma leading to information leak and DoS when crafted LZMA-compressed input is decompressed (bsc#1192869).
- CVE-2021-42375: Fixed incorrect handling of a special element in ash leading to DoS when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters (bsc#1192869).
- CVE-2021-42376: Fixed NULL pointer dereference in hush leading to DoS when processing a crafted shell command (bsc#1192869).
- CVE-2021-42377: Fixed attacker-controlled pointer free in hush leading to DoS and possible code execution when processing a crafted shell command (bsc#1192869).
- CVE-2021-42378: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_i function (bsc#1192869).
- CVE-2021-42379: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the next_input_file function (bsc#1192869).
- CVE-2021-42380: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the clrvar function (bsc#1192869).
- CVE-2021-42381: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the hash_init function (bsc#1192869).
- CVE-2021-42382: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_s function (bsc#1192869).
- CVE-2021-42383: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869).
- CVE-2021-42384: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the handle_special function (bsc#1192869).
- CVE-2021-42385: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869).
- CVE-2021-42386: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the nvalloc function (bsc#1192869).
Patchnames: openSUSE-2022-135,openSUSE-SLE-15.3-2022-135
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.7 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.1 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.1 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
87 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for busybox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for busybox fixes the following issues:\n\n- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).\n- CVE-2015-9261: Fixed segfalts and application crashes in huft_build (bsc#1102912).\n- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).\n- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).\n- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).\n- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).\n- CVE-2017-15874: Fixed integer underflow in archival/libarchive/decompress_unlzma.c (bsc#1064978).\n- CVE-2017-16544: Fixed Insufficient sanitization of filenames when autocompleting (bsc#1069412).\n- CVE-2018-1000500 : Fixed missing SSL certificate validation in wget (bsc#1099263).\n- CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260).\n- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).\n- CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428).\n- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).\n- CVE-2021-42373: Fixed NULL pointer dereference in man leading to DoS when a section name is supplied but no page argument is given (bsc#1192869).\n- CVE-2021-42374: Fixed out-of-bounds heap read in unlzma leading to information leak and DoS when crafted LZMA-compressed input is decompressed (bsc#1192869).\n- CVE-2021-42375: Fixed incorrect handling of a special element in ash leading to DoS when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters (bsc#1192869).\n- CVE-2021-42376: Fixed NULL pointer dereference in hush leading to DoS when processing a crafted shell command (bsc#1192869).\n- CVE-2021-42377: Fixed attacker-controlled pointer free in hush leading to DoS and possible code execution when processing a crafted shell command (bsc#1192869).\n- CVE-2021-42378: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_i function (bsc#1192869).\n- CVE-2021-42379: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the next_input_file function (bsc#1192869).\n- CVE-2021-42380: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the clrvar function (bsc#1192869).\n- CVE-2021-42381: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the hash_init function (bsc#1192869).\n- CVE-2021-42382: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_s function (bsc#1192869).\n- CVE-2021-42383: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869).\n- CVE-2021-42384: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the handle_special function (bsc#1192869).\n- CVE-2021-42385: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869).\n- CVE-2021-42386: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the nvalloc function (bsc#1192869).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-135,openSUSE-SLE-15.3-2022-135",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0135-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0135-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YB6DIPEMLRTDD3RU77DD7UYYKBEEKYDY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0135-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YB6DIPEMLRTDD3RU77DD7UYYKBEEKYDY/"
},
{
"category": "self",
"summary": "SUSE Bug 1064976",
"url": "https://bugzilla.suse.com/1064976"
},
{
"category": "self",
"summary": "SUSE Bug 1064978",
"url": "https://bugzilla.suse.com/1064978"
},
{
"category": "self",
"summary": "SUSE Bug 1069412",
"url": "https://bugzilla.suse.com/1069412"
},
{
"category": "self",
"summary": "SUSE Bug 1099260",
"url": "https://bugzilla.suse.com/1099260"
},
{
"category": "self",
"summary": "SUSE Bug 1099263",
"url": "https://bugzilla.suse.com/1099263"
},
{
"category": "self",
"summary": "SUSE Bug 1102912",
"url": "https://bugzilla.suse.com/1102912"
},
{
"category": "self",
"summary": "SUSE Bug 1121426",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "self",
"summary": "SUSE Bug 1121428",
"url": "https://bugzilla.suse.com/1121428"
},
{
"category": "self",
"summary": "SUSE Bug 1184522",
"url": "https://bugzilla.suse.com/1184522"
},
{
"category": "self",
"summary": "SUSE Bug 1192869",
"url": "https://bugzilla.suse.com/1192869"
},
{
"category": "self",
"summary": "SUSE Bug 951562",
"url": "https://bugzilla.suse.com/951562"
},
{
"category": "self",
"summary": "SUSE Bug 970662",
"url": "https://bugzilla.suse.com/970662"
},
{
"category": "self",
"summary": "SUSE Bug 970663",
"url": "https://bugzilla.suse.com/970663"
},
{
"category": "self",
"summary": "SUSE Bug 991940",
"url": "https://bugzilla.suse.com/991940"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-5325 page",
"url": "https://www.suse.com/security/cve/CVE-2011-5325/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-9261 page",
"url": "https://www.suse.com/security/cve/CVE-2015-9261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2147 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2148 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6301 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15873 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15874 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16544 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000517 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20679 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5747 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28831 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42373 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42374 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42375 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42376 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42377 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42378 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42379 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42380 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42381 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42382 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42383 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42384 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42385 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42386 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42386/"
}
],
"title": "Security update for busybox",
"tracking": {
"current_release_date": "2022-01-20T09:04:27Z",
"generator": {
"date": "2022-01-20T09:04:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0135-1",
"initial_release_date": "2022-01-20T09:04:27Z",
"revision_history": [
{
"date": "2022-01-20T09:04:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.34.1-4.9.1.aarch64",
"product": {
"name": "busybox-1.34.1-4.9.1.aarch64",
"product_id": "busybox-1.34.1-4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "busybox-static-1.34.1-4.9.1.aarch64",
"product": {
"name": "busybox-static-1.34.1-4.9.1.aarch64",
"product_id": "busybox-static-1.34.1-4.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"product": {
"name": "virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"product_id": "virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch"
}
},
{
"category": "product_version",
"name": "virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"product": {
"name": "virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"product_id": "virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch"
}
},
{
"category": "product_version",
"name": "virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"product": {
"name": "virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"product_id": "virtualbox-host-source-6.1.34-lp153.2.27.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.34.1-4.9.1.ppc64le",
"product": {
"name": "busybox-1.34.1-4.9.1.ppc64le",
"product_id": "busybox-1.34.1-4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "busybox-static-1.34.1-4.9.1.ppc64le",
"product": {
"name": "busybox-static-1.34.1-4.9.1.ppc64le",
"product_id": "busybox-static-1.34.1-4.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.34.1-4.9.1.s390x",
"product": {
"name": "busybox-1.34.1-4.9.1.s390x",
"product_id": "busybox-1.34.1-4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "busybox-static-1.34.1-4.9.1.s390x",
"product": {
"name": "busybox-static-1.34.1-4.9.1.s390x",
"product_id": "busybox-static-1.34.1-4.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"product": {
"name": "python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"product_id": "python3-virtualbox-6.1.34-lp153.2.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "virtualbox-6.1.34-lp153.2.27.2.x86_64",
"product": {
"name": "virtualbox-6.1.34-lp153.2.27.2.x86_64",
"product_id": "virtualbox-6.1.34-lp153.2.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"product": {
"name": "virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"product_id": "virtualbox-devel-6.1.34-lp153.2.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"product": {
"name": "virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"product_id": "virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"product": {
"name": "virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"product_id": "virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"product": {
"name": "virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"product_id": "virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"product": {
"name": "virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"product_id": "virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"product": {
"name": "virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"product_id": "virtualbox-qt-6.1.34-lp153.2.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"product": {
"name": "virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"product_id": "virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64",
"product": {
"name": "virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64",
"product_id": "virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "busybox-1.34.1-4.9.1.x86_64",
"product": {
"name": "busybox-1.34.1-4.9.1.x86_64",
"product_id": "busybox-1.34.1-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "busybox-static-1.34.1-4.9.1.x86_64",
"product": {
"name": "busybox-static-1.34.1-4.9.1.x86_64",
"product_id": "busybox-static-1.34.1-4.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch"
},
"product_reference": "virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch"
},
"product_reference": "virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-host-source-6.1.34-lp153.2.27.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch"
},
"product_reference": "virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64"
},
"product_reference": "virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64"
},
"product_reference": "virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.34.1-4.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64"
},
"product_reference": "busybox-1.34.1-4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.34.1-4.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le"
},
"product_reference": "busybox-1.34.1-4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.34.1-4.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x"
},
"product_reference": "busybox-1.34.1-4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.34.1-4.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64"
},
"product_reference": "busybox-1.34.1-4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.34.1-4.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64"
},
"product_reference": "busybox-static-1.34.1-4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.34.1-4.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le"
},
"product_reference": "busybox-static-1.34.1-4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.34.1-4.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x"
},
"product_reference": "busybox-static-1.34.1-4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.34.1-4.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64"
},
"product_reference": "busybox-static-1.34.1-4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-virtualbox-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-devel-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch"
},
"product_reference": "virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch"
},
"product_reference": "virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-host-source-6.1.34-lp153.2.27.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch"
},
"product_reference": "virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64"
},
"product_reference": "virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64"
},
"product_reference": "virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-qt-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
},
"product_reference": "virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.34.1-4.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64"
},
"product_reference": "busybox-1.34.1-4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.34.1-4.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le"
},
"product_reference": "busybox-1.34.1-4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.34.1-4.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x"
},
"product_reference": "busybox-1.34.1-4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.34.1-4.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64"
},
"product_reference": "busybox-1.34.1-4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.34.1-4.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64"
},
"product_reference": "busybox-static-1.34.1-4.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.34.1-4.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le"
},
"product_reference": "busybox-static-1.34.1-4.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.34.1-4.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x"
},
"product_reference": "busybox-static-1.34.1-4.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.34.1-4.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64"
},
"product_reference": "busybox-static-1.34.1-4.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-5325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-5325"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-5325",
"url": "https://www.suse.com/security/cve/CVE-2011-5325"
},
{
"category": "external",
"summary": "SUSE Bug 951562 for CVE-2011-5325",
"url": "https://bugzilla.suse.com/951562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2011-5325"
},
{
"cve": "CVE-2015-9261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-9261"
}
],
"notes": [
{
"category": "general",
"text": "huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-9261",
"url": "https://www.suse.com/security/cve/CVE-2015-9261"
},
{
"category": "external",
"summary": "SUSE Bug 1102912 for CVE-2015-9261",
"url": "https://bugzilla.suse.com/1102912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2015-9261"
},
{
"cve": "CVE-2016-2147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2147"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2147",
"url": "https://www.suse.com/security/cve/CVE-2016-2147"
},
{
"category": "external",
"summary": "SUSE Bug 970663 for CVE-2016-2147",
"url": "https://bugzilla.suse.com/970663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "important"
}
],
"title": "CVE-2016-2147"
},
{
"cve": "CVE-2016-2148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2148"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2148",
"url": "https://www.suse.com/security/cve/CVE-2016-2148"
},
{
"category": "external",
"summary": "SUSE Bug 970662 for CVE-2016-2148",
"url": "https://bugzilla.suse.com/970662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2016-2148"
},
{
"cve": "CVE-2016-6301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6301"
}
],
"notes": [
{
"category": "general",
"text": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6301",
"url": "https://www.suse.com/security/cve/CVE-2016-6301"
},
{
"category": "external",
"summary": "SUSE Bug 991940 for CVE-2016-6301",
"url": "https://bugzilla.suse.com/991940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2016-6301"
},
{
"cve": "CVE-2017-15873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15873"
}
],
"notes": [
{
"category": "general",
"text": "The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15873",
"url": "https://www.suse.com/security/cve/CVE-2017-15873"
},
{
"category": "external",
"summary": "SUSE Bug 1064976 for CVE-2017-15873",
"url": "https://bugzilla.suse.com/1064976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2017-15873"
},
{
"cve": "CVE-2017-15874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15874"
}
],
"notes": [
{
"category": "general",
"text": "archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15874",
"url": "https://www.suse.com/security/cve/CVE-2017-15874"
},
{
"category": "external",
"summary": "SUSE Bug 1064978 for CVE-2017-15874",
"url": "https://bugzilla.suse.com/1064978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "low"
}
],
"title": "CVE-2017-15874"
},
{
"cve": "CVE-2017-16544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16544"
}
],
"notes": [
{
"category": "general",
"text": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16544",
"url": "https://www.suse.com/security/cve/CVE-2017-16544"
},
{
"category": "external",
"summary": "SUSE Bug 1069412 for CVE-2017-16544",
"url": "https://bugzilla.suse.com/1069412"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "important"
}
],
"title": "CVE-2017-16544"
},
{
"cve": "CVE-2018-1000500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000500"
}
],
"notes": [
{
"category": "general",
"text": "Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000500",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500"
},
{
"category": "external",
"summary": "SUSE Bug 1099263 for CVE-2018-1000500",
"url": "https://bugzilla.suse.com/1099263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "important"
}
],
"title": "CVE-2018-1000500"
},
{
"cve": "CVE-2018-1000517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000517"
}
],
"notes": [
{
"category": "general",
"text": "BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000517",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517"
},
{
"category": "external",
"summary": "SUSE Bug 1099260 for CVE-2018-1000517",
"url": "https://bugzilla.suse.com/1099260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "important"
}
],
"title": "CVE-2018-1000517"
},
{
"cve": "CVE-2018-20679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20679"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20679",
"url": "https://www.suse.com/security/cve/CVE-2018-20679"
},
{
"category": "external",
"summary": "SUSE Bug 1121426 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "external",
"summary": "SUSE Bug 1121428 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2018-20679"
},
{
"cve": "CVE-2019-5747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5747"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5747",
"url": "https://www.suse.com/security/cve/CVE-2019-5747"
},
{
"category": "external",
"summary": "SUSE Bug 1121426 for CVE-2019-5747",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "external",
"summary": "SUSE Bug 1121428 for CVE-2019-5747",
"url": "https://bugzilla.suse.com/1121428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "low"
}
],
"title": "CVE-2019-5747"
},
{
"cve": "CVE-2021-28831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28831"
}
],
"notes": [
{
"category": "general",
"text": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28831",
"url": "https://www.suse.com/security/cve/CVE-2021-28831"
},
{
"category": "external",
"summary": "SUSE Bug 1184522 for CVE-2021-28831",
"url": "https://bugzilla.suse.com/1184522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "important"
}
],
"title": "CVE-2021-28831"
},
{
"cve": "CVE-2021-42373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42373"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in Busybox\u0027s man applet leads to denial of service when a section name is supplied but no page argument is given",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42373",
"url": "https://www.suse.com/security/cve/CVE-2021-42373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42373"
},
{
"cve": "CVE-2021-42374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42374"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds heap read in Busybox\u0027s unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42374",
"url": "https://www.suse.com/security/cve/CVE-2021-42374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42374"
},
{
"cve": "CVE-2021-42375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42375"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of a special element in Busybox\u0027s ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42375",
"url": "https://www.suse.com/security/cve/CVE-2021-42375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42375"
},
{
"cve": "CVE-2021-42376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42376"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in Busybox\u0027s hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \\x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42376",
"url": "https://www.suse.com/security/cve/CVE-2021-42376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42376"
},
{
"cve": "CVE-2021-42377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42377"
}
],
"notes": [
{
"category": "general",
"text": "An attacker-controlled pointer free in Busybox\u0027s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the \u0026\u0026\u0026 string. This may be used for remote code execution under rare conditions of filtered command input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42377",
"url": "https://www.suse.com/security/cve/CVE-2021-42377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42377"
},
{
"cve": "CVE-2021-42378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42378"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42378",
"url": "https://www.suse.com/security/cve/CVE-2021-42378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42378"
},
{
"cve": "CVE-2021-42379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42379"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42379",
"url": "https://www.suse.com/security/cve/CVE-2021-42379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42379"
},
{
"cve": "CVE-2021-42380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42380"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42380",
"url": "https://www.suse.com/security/cve/CVE-2021-42380"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42380"
},
{
"cve": "CVE-2021-42381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42381"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42381",
"url": "https://www.suse.com/security/cve/CVE-2021-42381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42381"
},
{
"cve": "CVE-2021-42382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42382"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42382",
"url": "https://www.suse.com/security/cve/CVE-2021-42382"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42382"
},
{
"cve": "CVE-2021-42383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42383"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42383",
"url": "https://www.suse.com/security/cve/CVE-2021-42383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42383"
},
{
"cve": "CVE-2021-42384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42384"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42384",
"url": "https://www.suse.com/security/cve/CVE-2021-42384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42384"
},
{
"cve": "CVE-2021-42385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42385"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42385",
"url": "https://www.suse.com/security/cve/CVE-2021-42385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42385"
},
{
"cve": "CVE-2021-42386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42386"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42386",
"url": "https://www.suse.com/security/cve/CVE-2021-42386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.aarch64",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.ppc64le",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.s390x",
"openSUSE Leap 15.3:busybox-static-1.34.1-4.9.1.x86_64",
"openSUSE Leap 15.3:python3-virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-devel-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-guest-tools-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-guest-x11-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-host-source-6.1.34-lp153.2.27.2.noarch",
"openSUSE Leap 15.3:virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1.x86_64",
"openSUSE Leap 15.3:virtualbox-qt-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-vnc-6.1.34-lp153.2.27.2.x86_64",
"openSUSE Leap 15.3:virtualbox-websrv-6.1.34-lp153.2.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-20T09:04:27Z",
"details": "moderate"
}
],
"title": "CVE-2021-42386"
}
]
}
OPENSUSE-SU-2024:11738-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
busybox-1.35.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: busybox-1.35.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the busybox-1.35.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11738
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.8 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
51 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "busybox-1.35.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the busybox-1.35.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11738",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11738-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-5325 page",
"url": "https://www.suse.com/security/cve/CVE-2011-5325/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-9261 page",
"url": "https://www.suse.com/security/cve/CVE-2015-9261/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2147 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2148 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6301 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15873 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15874 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16544 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000517 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20679 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5747 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28831 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42373 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42377 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42381 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42385 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42385/"
}
],
"title": "busybox-1.35.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11738-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.35.0-1.1.aarch64",
"product": {
"name": "busybox-1.35.0-1.1.aarch64",
"product_id": "busybox-1.35.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "busybox-static-1.35.0-1.1.aarch64",
"product": {
"name": "busybox-static-1.35.0-1.1.aarch64",
"product_id": "busybox-static-1.35.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "busybox-testsuite-1.35.0-1.1.aarch64",
"product": {
"name": "busybox-testsuite-1.35.0-1.1.aarch64",
"product_id": "busybox-testsuite-1.35.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "busybox-warewulf3-1.35.0-1.1.aarch64",
"product": {
"name": "busybox-warewulf3-1.35.0-1.1.aarch64",
"product_id": "busybox-warewulf3-1.35.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.35.0-1.1.ppc64le",
"product": {
"name": "busybox-1.35.0-1.1.ppc64le",
"product_id": "busybox-1.35.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "busybox-static-1.35.0-1.1.ppc64le",
"product": {
"name": "busybox-static-1.35.0-1.1.ppc64le",
"product_id": "busybox-static-1.35.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "busybox-testsuite-1.35.0-1.1.ppc64le",
"product": {
"name": "busybox-testsuite-1.35.0-1.1.ppc64le",
"product_id": "busybox-testsuite-1.35.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "busybox-warewulf3-1.35.0-1.1.ppc64le",
"product": {
"name": "busybox-warewulf3-1.35.0-1.1.ppc64le",
"product_id": "busybox-warewulf3-1.35.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.35.0-1.1.s390x",
"product": {
"name": "busybox-1.35.0-1.1.s390x",
"product_id": "busybox-1.35.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "busybox-static-1.35.0-1.1.s390x",
"product": {
"name": "busybox-static-1.35.0-1.1.s390x",
"product_id": "busybox-static-1.35.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "busybox-testsuite-1.35.0-1.1.s390x",
"product": {
"name": "busybox-testsuite-1.35.0-1.1.s390x",
"product_id": "busybox-testsuite-1.35.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "busybox-warewulf3-1.35.0-1.1.s390x",
"product": {
"name": "busybox-warewulf3-1.35.0-1.1.s390x",
"product_id": "busybox-warewulf3-1.35.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.35.0-1.1.x86_64",
"product": {
"name": "busybox-1.35.0-1.1.x86_64",
"product_id": "busybox-1.35.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "busybox-static-1.35.0-1.1.x86_64",
"product": {
"name": "busybox-static-1.35.0-1.1.x86_64",
"product_id": "busybox-static-1.35.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "busybox-testsuite-1.35.0-1.1.x86_64",
"product": {
"name": "busybox-testsuite-1.35.0-1.1.x86_64",
"product_id": "busybox-testsuite-1.35.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "busybox-warewulf3-1.35.0-1.1.x86_64",
"product": {
"name": "busybox-warewulf3-1.35.0-1.1.x86_64",
"product_id": "busybox-warewulf3-1.35.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.35.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64"
},
"product_reference": "busybox-1.35.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.35.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le"
},
"product_reference": "busybox-1.35.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.35.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x"
},
"product_reference": "busybox-1.35.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.35.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64"
},
"product_reference": "busybox-1.35.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.35.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64"
},
"product_reference": "busybox-static-1.35.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.35.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le"
},
"product_reference": "busybox-static-1.35.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.35.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x"
},
"product_reference": "busybox-static-1.35.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.35.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64"
},
"product_reference": "busybox-static-1.35.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-testsuite-1.35.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64"
},
"product_reference": "busybox-testsuite-1.35.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-testsuite-1.35.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le"
},
"product_reference": "busybox-testsuite-1.35.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-testsuite-1.35.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x"
},
"product_reference": "busybox-testsuite-1.35.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-testsuite-1.35.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64"
},
"product_reference": "busybox-testsuite-1.35.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-warewulf3-1.35.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64"
},
"product_reference": "busybox-warewulf3-1.35.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-warewulf3-1.35.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le"
},
"product_reference": "busybox-warewulf3-1.35.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-warewulf3-1.35.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x"
},
"product_reference": "busybox-warewulf3-1.35.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-warewulf3-1.35.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
},
"product_reference": "busybox-warewulf3-1.35.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-5325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-5325"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-5325",
"url": "https://www.suse.com/security/cve/CVE-2011-5325"
},
{
"category": "external",
"summary": "SUSE Bug 951562 for CVE-2011-5325",
"url": "https://bugzilla.suse.com/951562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-5325"
},
{
"cve": "CVE-2015-9261",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-9261"
}
],
"notes": [
{
"category": "general",
"text": "huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-9261",
"url": "https://www.suse.com/security/cve/CVE-2015-9261"
},
{
"category": "external",
"summary": "SUSE Bug 1102912 for CVE-2015-9261",
"url": "https://bugzilla.suse.com/1102912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-9261"
},
{
"cve": "CVE-2016-2147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2147"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2147",
"url": "https://www.suse.com/security/cve/CVE-2016-2147"
},
{
"category": "external",
"summary": "SUSE Bug 970663 for CVE-2016-2147",
"url": "https://bugzilla.suse.com/970663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2147"
},
{
"cve": "CVE-2016-2148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2148"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2148",
"url": "https://www.suse.com/security/cve/CVE-2016-2148"
},
{
"category": "external",
"summary": "SUSE Bug 970662 for CVE-2016-2148",
"url": "https://bugzilla.suse.com/970662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-2148"
},
{
"cve": "CVE-2016-6301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6301"
}
],
"notes": [
{
"category": "general",
"text": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6301",
"url": "https://www.suse.com/security/cve/CVE-2016-6301"
},
{
"category": "external",
"summary": "SUSE Bug 991940 for CVE-2016-6301",
"url": "https://bugzilla.suse.com/991940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-6301"
},
{
"cve": "CVE-2017-15873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15873"
}
],
"notes": [
{
"category": "general",
"text": "The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15873",
"url": "https://www.suse.com/security/cve/CVE-2017-15873"
},
{
"category": "external",
"summary": "SUSE Bug 1064976 for CVE-2017-15873",
"url": "https://bugzilla.suse.com/1064976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-15873"
},
{
"cve": "CVE-2017-15874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15874"
}
],
"notes": [
{
"category": "general",
"text": "archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15874",
"url": "https://www.suse.com/security/cve/CVE-2017-15874"
},
{
"category": "external",
"summary": "SUSE Bug 1064978 for CVE-2017-15874",
"url": "https://bugzilla.suse.com/1064978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-15874"
},
{
"cve": "CVE-2017-16544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16544"
}
],
"notes": [
{
"category": "general",
"text": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16544",
"url": "https://www.suse.com/security/cve/CVE-2017-16544"
},
{
"category": "external",
"summary": "SUSE Bug 1069412 for CVE-2017-16544",
"url": "https://bugzilla.suse.com/1069412"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-16544"
},
{
"cve": "CVE-2018-1000500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000500"
}
],
"notes": [
{
"category": "general",
"text": "Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000500",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500"
},
{
"category": "external",
"summary": "SUSE Bug 1099263 for CVE-2018-1000500",
"url": "https://bugzilla.suse.com/1099263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-1000500"
},
{
"cve": "CVE-2018-1000517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000517"
}
],
"notes": [
{
"category": "general",
"text": "BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000517",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517"
},
{
"category": "external",
"summary": "SUSE Bug 1099260 for CVE-2018-1000517",
"url": "https://bugzilla.suse.com/1099260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-1000517"
},
{
"cve": "CVE-2018-20679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20679"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20679",
"url": "https://www.suse.com/security/cve/CVE-2018-20679"
},
{
"category": "external",
"summary": "SUSE Bug 1121426 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "external",
"summary": "SUSE Bug 1121428 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20679"
},
{
"cve": "CVE-2019-5747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5747"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5747",
"url": "https://www.suse.com/security/cve/CVE-2019-5747"
},
{
"category": "external",
"summary": "SUSE Bug 1121426 for CVE-2019-5747",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "external",
"summary": "SUSE Bug 1121428 for CVE-2019-5747",
"url": "https://bugzilla.suse.com/1121428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-5747"
},
{
"cve": "CVE-2021-28831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28831"
}
],
"notes": [
{
"category": "general",
"text": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28831",
"url": "https://www.suse.com/security/cve/CVE-2021-28831"
},
{
"category": "external",
"summary": "SUSE Bug 1184522 for CVE-2021-28831",
"url": "https://bugzilla.suse.com/1184522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-28831"
},
{
"cve": "CVE-2021-42373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42373"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in Busybox\u0027s man applet leads to denial of service when a section name is supplied but no page argument is given",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42373",
"url": "https://www.suse.com/security/cve/CVE-2021-42373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-42373"
},
{
"cve": "CVE-2021-42377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42377"
}
],
"notes": [
{
"category": "general",
"text": "An attacker-controlled pointer free in Busybox\u0027s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the \u0026\u0026\u0026 string. This may be used for remote code execution under rare conditions of filtered command input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42377",
"url": "https://www.suse.com/security/cve/CVE-2021-42377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-42377"
},
{
"cve": "CVE-2021-42381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42381"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42381",
"url": "https://www.suse.com/security/cve/CVE-2021-42381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-42381"
},
{
"cve": "CVE-2021-42385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42385"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42385",
"url": "https://www.suse.com/security/cve/CVE-2021-42385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:busybox-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-static-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-testsuite-1.35.0-1.1.x86_64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.aarch64",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.ppc64le",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.s390x",
"openSUSE Tumbleweed:busybox-warewulf3-1.35.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-42385"
}
]
}
SUSE-SU-2021:3531-1
Vulnerability from csaf_suse - Published: 2021-10-27 08:08 - Updated: 2021-10-27 08:08Summary
Security update for busybox
Severity
Important
Notes
Title of the patch: Security update for busybox
Description of the patch: This update for busybox fixes the following issues:
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263).
Patchnames: SUSE-2021-3531,SUSE-SLE-Module-Basesystem-15-SP2-2021-3531,SUSE-SLE-Module-Basesystem-15-SP3-2021-3531,SUSE-SLE-Product-HPC-15-2021-3531,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3531,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3531,SUSE-SLE-Product-SLES-15-2021-3531,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3531,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3531,SUSE-SLE-Product-SLES_SAP-15-2021-3531,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3531,SUSE-Storage-6-2021-3531
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for busybox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for busybox fixes the following issues:\n\n- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).\n- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).\n- CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260).\n- CVE-2011-5325: Fixed a directory traversal related to \u0027tar\u0027 command (bsc#951562).\n- CVE-2018-1000500: Fixed missing SSL certificate validation related to the \u0027wget\u0027 command (bsc#1099263).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-3531,SUSE-SLE-Module-Basesystem-15-SP2-2021-3531,SUSE-SLE-Module-Basesystem-15-SP3-2021-3531,SUSE-SLE-Product-HPC-15-2021-3531,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3531,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3531,SUSE-SLE-Product-SLES-15-2021-3531,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3531,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3531,SUSE-SLE-Product-SLES_SAP-15-2021-3531,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3531,SUSE-Storage-6-2021-3531",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3531-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:3531-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213531-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:3531-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009658.html"
},
{
"category": "self",
"summary": "SUSE Bug 1099260",
"url": "https://bugzilla.suse.com/1099260"
},
{
"category": "self",
"summary": "SUSE Bug 1099263",
"url": "https://bugzilla.suse.com/1099263"
},
{
"category": "self",
"summary": "SUSE Bug 1121426",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "self",
"summary": "SUSE Bug 1184522",
"url": "https://bugzilla.suse.com/1184522"
},
{
"category": "self",
"summary": "SUSE Bug 951562",
"url": "https://bugzilla.suse.com/951562"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-5325 page",
"url": "https://www.suse.com/security/cve/CVE-2011-5325/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000517 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20679 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28831 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28831/"
}
],
"title": "Security update for busybox",
"tracking": {
"current_release_date": "2021-10-27T08:08:18Z",
"generator": {
"date": "2021-10-27T08:08:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:3531-1",
"initial_release_date": "2021-10-27T08:08:18Z",
"revision_history": [
{
"date": "2021-10-27T08:08:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-4.5.1.aarch64",
"product": {
"name": "busybox-1.26.2-4.5.1.aarch64",
"product_id": "busybox-1.26.2-4.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-4.5.1.aarch64",
"product": {
"name": "busybox-static-1.26.2-4.5.1.aarch64",
"product_id": "busybox-static-1.26.2-4.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-4.5.1.i586",
"product": {
"name": "busybox-1.26.2-4.5.1.i586",
"product_id": "busybox-1.26.2-4.5.1.i586"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-4.5.1.i586",
"product": {
"name": "busybox-static-1.26.2-4.5.1.i586",
"product_id": "busybox-static-1.26.2-4.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-4.5.1.ppc64le",
"product": {
"name": "busybox-1.26.2-4.5.1.ppc64le",
"product_id": "busybox-1.26.2-4.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-4.5.1.ppc64le",
"product": {
"name": "busybox-static-1.26.2-4.5.1.ppc64le",
"product_id": "busybox-static-1.26.2-4.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-4.5.1.s390x",
"product": {
"name": "busybox-1.26.2-4.5.1.s390x",
"product_id": "busybox-1.26.2-4.5.1.s390x"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-4.5.1.s390x",
"product": {
"name": "busybox-static-1.26.2-4.5.1.s390x",
"product_id": "busybox-static-1.26.2-4.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1.26.2-4.5.1.x86_64",
"product": {
"name": "busybox-1.26.2-4.5.1.x86_64",
"product_id": "busybox-1.26.2-4.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "busybox-static-1.26.2-4.5.1.x86_64",
"product": {
"name": "busybox-static-1.26.2-4.5.1.x86_64",
"product_id": "busybox-static-1.26.2-4.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x"
},
"product_reference": "busybox-1.26.2-4.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-static-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x"
},
"product_reference": "busybox-static-1.26.2-4.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x"
},
"product_reference": "busybox-1.26.2-4.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-static-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x"
},
"product_reference": "busybox-static-1.26.2-4.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x"
},
"product_reference": "busybox-1.26.2-4.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x"
},
"product_reference": "busybox-1.26.2-4.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-static-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x"
},
"product_reference": "busybox-static-1.26.2-4.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le"
},
"product_reference": "busybox-static-1.26.2-4.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1.26.2-4.5.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-static-1.26.2-4.5.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64"
},
"product_reference": "busybox-static-1.26.2-4.5.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-5325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-5325"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-5325",
"url": "https://www.suse.com/security/cve/CVE-2011-5325"
},
{
"category": "external",
"summary": "SUSE Bug 951562 for CVE-2011-5325",
"url": "https://bugzilla.suse.com/951562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:08:18Z",
"details": "moderate"
}
],
"title": "CVE-2011-5325"
},
{
"cve": "CVE-2018-1000500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000500"
}
],
"notes": [
{
"category": "general",
"text": "Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000500",
"url": "https://www.suse.com/security/cve/CVE-2018-1000500"
},
{
"category": "external",
"summary": "SUSE Bug 1099263 for CVE-2018-1000500",
"url": "https://bugzilla.suse.com/1099263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:08:18Z",
"details": "important"
}
],
"title": "CVE-2018-1000500"
},
{
"cve": "CVE-2018-1000517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000517"
}
],
"notes": [
{
"category": "general",
"text": "BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000517",
"url": "https://www.suse.com/security/cve/CVE-2018-1000517"
},
{
"category": "external",
"summary": "SUSE Bug 1099260 for CVE-2018-1000517",
"url": "https://bugzilla.suse.com/1099260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:08:18Z",
"details": "important"
}
],
"title": "CVE-2018-1000517"
},
{
"cve": "CVE-2018-20679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20679"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20679",
"url": "https://www.suse.com/security/cve/CVE-2018-20679"
},
{
"category": "external",
"summary": "SUSE Bug 1121426 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121426"
},
{
"category": "external",
"summary": "SUSE Bug 1121428 for CVE-2018-20679",
"url": "https://bugzilla.suse.com/1121428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:08:18Z",
"details": "moderate"
}
],
"title": "CVE-2018-20679"
},
{
"cve": "CVE-2021-28831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28831"
}
],
"notes": [
{
"category": "general",
"text": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28831",
"url": "https://www.suse.com/security/cve/CVE-2021-28831"
},
{
"category": "external",
"summary": "SUSE Bug 1184522 for CVE-2021-28831",
"url": "https://bugzilla.suse.com/1184522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-1.26.2-4.5.1.x86_64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Enterprise Storage 6:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:busybox-static-1.26.2-4.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:busybox-1.26.2-4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-27T08:08:18Z",
"details": "important"
}
],
"title": "CVE-2021-28831"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…