Forum: >>> Magnum BBS <<<

Bug#1055307: busybox: CVE-2023-39810

From Salvatore Bonaccorso@21:1/5 to All on Wed Apr 23 22:20:01 2025

XPost: linux.debian.maint.boot

Control: tags -1 + fixed-upstream

On Fri, Nov 03, 2023 at 08:26:28PM +0100, Moritz M�hlenhoff wrote:

Source: busybox
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for busybox.

CVE-2023-39810[0]:
| An issue in the CPIO command of Busybox v1.33.2 allows attackers to
| execute a directory traversal.

https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-39810
https://www.cve.org/CVERecord?id=CVE-2023-39810

Please adjust the affected versions in the BTS as needed.

FTR, this one has now a commit upstream as: https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641e13480811902ea2ac57881d3

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	481
Nodes:	16 (2 / 14)
Uptime:	12:18:30
Calls:	9,540
Calls today:	8
Files:	13,653
Messages:	6,139,338
Posted today:	1