Advisories » MGASA-2015-0041

Updated busybox packages fix CVE-2014-9645

Publication date: 27 Jan 2015
Modification date: 27 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9645

Description

Updated busybox packages fix security vulnerability:

The modprobe command in busybox before 1.23.0 uses the basename of the module
argument as the module to load, allowing arbitrary modules, even when some
kernel subsystems try to prevent this (CVE-2014-9645).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15133
• http://openwall.com/lists/oss-security/2015/01/26/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9645

SRPMS

4/core

• busybox-1.21.1-3.2.mga4