Advisories » MGASA-2021-0310

Updated busybox packages fix security vulnerability

Publication date: 04 Jul 2021
Modification date: 04 Jul 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-28831

Description

Updated busybox packages fix security vulnerability:

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on
the huft_build result pointer, with a resultant invalid free or segmentation
fault, via malformed gzip data (CVE-2021-28831).

References

SRPMS

7/core

busybox-1.30.1-1.2.mga7

8/core

busybox-1.32.1-1.1.mga8