Synopsis: Low: busybox security and bug fix update
Advisory ID: SLSA-2013:1732-2
Issue Date: 2013-11-21
CVE Numbers: CVE-2013-1813
—
It was found that the mdev BusyBox utility could create certain
directories within /dev with world-writable permissions. A local
unprivileged user could use this flaw to manipulate portions of the /dev
directory tree. (CVE-2013-1813)
This update also fixes the following bugs:
* Previously, due to a too eager string size optimization on the IBM
System z architecture, the “wc” BusyBox command failed after processing
standard input with the following error:
wc: : No such file or directory
This bug was fixed by disabling the string size optimization and the “wc”
command works properly on IBM System z architectures.
* Prior to this update, the “mknod” command was unable to create device
nodes with a major or minor number larger than 255. Consequently, the
kdump utility failed to handle such a device. The underlying source code
has been modified, and it is now possible to use the “mknod” command to
create device nodes with a major or minor number larger than 255.
* If a network installation from an NFS server was selected, the “mount”
command used the UDP protocol by default. If only TCP mounts were
supported by the server, this led to a failure of the mount command. As a
result, Anaconda could not continue with the installation. This bug is now
fixed and NFS mount operations default to the TCP protocol.
—
SL6
x86_64
busybox-1.15.1-20.el6.x86_64.rpm
busybox-petitboot-1.15.1-20.el6.x86_64.rpm
i386
busybox-1.15.1-20.el6.i686.rpm
busybox-petitboot-1.15.1-20.el6.i686.rpm
– Scientific Linux Development Team
