[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1445-3] busybox regression update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : busybox
Version        : 1:1.22.0-9+deb8u4

It was found that the security update of busybox announced as
DLA-1445-1  to prevent the exploitation of CVE-2011-5325, a symlinking
attack, was too strict in case of cpio archives. This update restores
the old behavior.

For Debian 8 "Jessie", this problem has been fixed in version
1:1.22.0-9+deb8u4.

We recommend that you upgrade your busybox packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAltj5aVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQg5hAAgS4x6OW2obh2DayhsOTNrpVD9aXpgScQNmt/jj+B9SrZUKxn55RF+Vk0
uqa+YJmjVasBfchq5tO2qdq5y2opFpDhuReVD0CM4jQyszIoNujYm5k7uQFl7nM0
9u2idA3KmZdmLx053jTfUJl+ReCLWgeXCGNnBGik32eYvPp+o28KlZ+2SzAlBd0Z
nKhTIjf5uguV0LanE5jbedXB86VVYmT+aKI7gPMOkf9EroVtK6PDRI90Rp6T00mH
nk67m/HiDIyFTWwzsGceDjz/ZUPDulV4PL8DRLzVVptDhWaxXZnes3nXNsd889qF
8CaoJfFnf9fkv02KiL5AgnpxUCBZlNc2mPRri6xy6uklFXSnOQRmd/6bvDgBSH60
n9jmQNJE5rFHsYbL5sjyl5F0et73LQp2esblj63nbbjG8W3qZprQm8AgEaRM8EE1
HuoJBDalcvltW/ODTBKX9m2VceWyV3h10MIqbEyjRaSmaHt87tXRy0y6SxjQIb4x
kLVkFunW7CDL5lFJDzwg5qxcEfY73g4+z5SfFk8XLGU4IALVCftgHfA9u2o10VzU
J0CveWMLm8uhFTtr7K0XSY5iRAOa/48isJVCFFRVfavls4DGPcL39jXR5P1kbxYM
zcNBBVG1u1NdmCC884a0hdYvxa6h4H7OKyKiv5fHeWHcqWBY6Wg=
=r6Yy
-----END PGP SIGNATURE-----


Reply to: