busybox (SL6)

Synopsis: Low: busybox security and bug fix update
Advisory ID: SLSA-2013:1732-2
Issue Date: 2013-11-21
CVE Numbers: CVE-2013-1813

It was found that the mdev BusyBox utility could create certain
directories within /dev with world-writable permissions. A local
unprivileged user could use this flaw to manipulate portions of the /dev
directory tree. (CVE-2013-1813)
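
The following audit helper is an added example, not part of the advisory or of BusyBox. It lists directories under a device tree that are world-writable, the condition described above. Two choices here are assumptions of this example: directories with the sticky bit set (the usual mode for shared directories such as /dev/shm) are not reported, and the search stays on one filesystem.

```shell
#!/bin/sh
# Added example: report directories under a device tree that are
# world-writable without the sticky bit (the CVE-2013-1813 condition).

# audit_dev_dirs ROOT
#   Prints an "ls -ld" line for every offending directory under ROOT.
#   Returns 0 when nothing is found, 1 when at least one directory is listed.
audit_dev_dirs() {
    root=${1:-/dev}
    # -xdev          stay on the filesystem that holds ROOT
    # -perm -0002    the "other" write bit is set
    # ! -perm -1000  sticky bit absent, so any local user can create,
    #                rename or delete entries inside the directory
    found=$(find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
                 -exec ls -ld {} + 2>/dev/null || true)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

Run `audit_dev_dirs /dev` on a host that populates /dev with mdev, before and after applying the update; a non-zero return status means at least one directory needs its mode reviewed.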

This update also fixes the following bugs:

* Previously, due to an overly eager string size optimization on the IBM
System z architecture, the “wc” BusyBox command failed after processing
standard input with the following error:

wc: : No such file or directory

This bug has been fixed by disabling the string size optimization, and the
“wc” command now works properly on IBM System z architectures.

* Prior to this update, the “mknod” command was unable to create device
nodes with a major or minor number larger than 255. Consequently, the
kdump utility failed to handle such a device. The underlying source code
has been modified, and it is now possible to use the “mknod” command to
create device nodes with a major or minor number larger than 255.

* If a network installation from an NFS server was selected, the “mount”
command used the UDP protocol by default. If only TCP mounts were
supported by the server, this led to a failure of the mount command. As a
result, Anaconda could not continue with the installation. This bug is now
fixed and NFS mount operations default to the TCP protocol.


– Scientific Linux Development Team