Bugzilla – Bug 1099260
VUL-0: CVE-2018-1000517: busybox: Heap-based buffer overflow in the retrieve_file_data() function
Last modified: 2022-11-28 20:23:22 UTC
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
openSUSE-SU-2021:3531-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1099260,1099263,1121426,1184522,951562 CVE References: CVE-2011-5325,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2021-28831 JIRA References: Sources used: openSUSE Leap 15.3 (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1
SUSE-SU-2021:3531-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1099260,1099263,1121426,1184522,951562 CVE References: CVE-2011-5325,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2021-28831 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1 SUSE Linux Enterprise Server for SAP 15 (src): busybox-1.26.2-4.5.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1 SUSE Linux Enterprise Server 15-LTSS (src): busybox-1.26.2-4.5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): busybox-1.26.2-4.5.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): busybox-1.26.2-4.5.1 SUSE Enterprise Storage 6 (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1 SUSE CaaS Platform 4.0 (src): busybox-1.26.2-4.5.1, busybox-static-1.26.2-4.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1408-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1099260,1099263,1121426,1184522,951562 CVE References: CVE-2011-5325,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2021-28831 JIRA References: Sources used: openSUSE Leap 15.2 (src): busybox-1.26.2-lp152.5.3.1, busybox-static-1.26.2-lp152.5.3.1
openSUSE-SU-2022:0135-1: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1192869,951562,970662,970663,991940 CVE References: CVE-2011-5325,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386 JIRA References: Sources used: openSUSE Leap 15.3 (src): busybox-1.34.1-4.9.1
SUSE-SU-2022:0135-1: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1192869,951562,970662,970663,991940 CVE References: CVE-2011-5325,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386 JIRA References: Sources used: SUSE Manager Server 4.1 (src): busybox-1.34.1-4.9.1 SUSE Manager Retail Branch Server 4.1 (src): busybox-1.34.1-4.9.1 SUSE Manager Proxy 4.1 (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise Server for SAP 15 (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise Server 15-LTSS (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): busybox-1.34.1-4.9.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): busybox-1.34.1-4.9.1 SUSE Enterprise Storage 7 (src): busybox-1.34.1-4.9.1 SUSE Enterprise Storage 6 (src): busybox-1.34.1-4.9.1 SUSE CaaS Platform 4.0 (src): busybox-1.34.1-4.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0135-2: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1192869,951562,970662,970663,991940 CVE References: CVE-2011-5325,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386 JIRA References: Sources used: SUSE Linux Enterprise Realtime Extension 15-SP2 (src): busybox-1.34.1-4.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi Ihno, could you please also submit to SUSE:SLE-11:Update and SUSE:SLE-12:Update? :)
openSUSE-SU-2022:0135-1: An update that fixes 32 vulnerabilities is now available. Category: security (important) Bug References: 1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1192869,1198676,1198677,1198678,1198679,1198680,1198703,951562,970662,970663,991940 CVE References: CVE-2011-5325,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386,CVE-2022-21465,CVE-2022-21471,CVE-2022-21487,CVE-2022-21488,CVE-2022-21491 JIRA References: Sources used: openSUSE Leap 15.3 (src): busybox-1.34.1-4.9.1, virtualbox-6.1.34-lp153.2.27.2, virtualbox-kmp-6.1.34-lp153.2.27.1
(In reply to Thomas Leroy from comment #13)
> Hi Ihno, could you please also submit to SUSE:SLE-11:Update and
> SUSE:SLE-12:Update? :)

@Radoslav: ping
After careful consideration on our end, we have come to the decision that backporting this fix is not economically or timely feasible. Please reach out to security@suse.de in case of any questions.
SUSE-SU-2022:3959-1: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1192869,951562,970662,970663,991940 CVE References: CVE-2011-5325,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386 JIRA References: Sources used: openSUSE Leap 15.4 (src): busybox-1.35.0-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): busybox-1.35.0-150400.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:4253-1: An update that fixes 28 vulnerabilities is now available. Category: security (important) Bug References: 1029961,1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1191514,1192869,914660,951562,970662,970663,991940 CVE References: CVE-2011-5325,CVE-2014-9645,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): busybox-1.35.0-4.3.1 SUSE OpenStack Cloud 9 (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server 12-SP5 (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): busybox-1.35.0-4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:4260-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1099260,914660 CVE References: CVE-2014-9645,CVE-2018-1000517 JIRA References: Sources used: openSUSE Leap 15.3 (src): busybox-1.35.0-150000.4.14.1 SUSE Manager Server 4.1 (src): busybox-1.35.0-150000.4.14.1 SUSE Manager Retail Branch Server 4.1 (src): busybox-1.35.0-150000.4.14.1 SUSE Manager Proxy 4.1 (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise Server for SAP 15 (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise Server 15-LTSS (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): busybox-1.35.0-150000.4.14.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): busybox-1.35.0-150000.4.14.1 SUSE Enterprise Storage 7 (src): busybox-1.35.0-150000.4.14.1 SUSE Enterprise Storage 6 (src): busybox-1.35.0-150000.4.14.1 SUSE CaaS Platform 4.0 (src): busybox-1.35.0-150000.4.14.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.