USN-6961-1 (Several security issues were fixed)

USN-6961-1: BusyBox vulnerabilities
14 August 2024

Several security issues were fixed in BusyBox.

Releases
Ubuntu 24.04 LTS Ubuntu 22.04 LTS Ubuntu 20.04 LTS

Packages
busybox - Tiny utilities for small and embedded systems

Details
It was discovered that BusyBox did not properly validate user input when
performing certain arithmetic operations. If a user or automated system
were tricked into processing a specially crafted file, an attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code. (CVE-2022-48174)
It was discovered that BusyBox incorrectly managed memory when evaluating
certain awk expressions. An attacker could possibly use this issue to cause
a denial of service, or execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS. (CVE-2023-42363, CVE-2023-42364, CVE-2023-42365)
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04

• busybox - 1:1.36.1-6ubuntu3.1
• busybox-initramfs - 1:1.36.1-6ubuntu3.1
• busybox-static - 1:1.36.1-6ubuntu3.1

Ubuntu 22.04

• busybox - 1:1.30.1-7ubuntu3.1
• busybox-initramfs - 1:1.30.1-7ubuntu3.1
• busybox-static - 1:1.30.1-7ubuntu3.1Ubuntu 20.04
• busybox - 1:1.30.1-4ubuntu6.5
• busybox-initramfs - 1:1.30.1-4ubuntu6.5
• busybox-static - 1:1.30.1-4ubuntu6.5

In general, a standard system update will make all the necessary changes.