SUSE-SU-2025:03271-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202503271-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03271-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:03271-1
- Upstream
- Related
- Published
- 2025-09-18T13:33:50Z
- Modified
- 2025-09-18T20:17:16.565779Z
- Summary
- Security update for busybox, busybox-links
- Details
-
This update for busybox, busybox-links fixes the following issues:
Updated to version 1.37.0 (jsc#PED-13039):
- CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580)
- CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584)
- CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585)
Other fixes:
- fix generation of file lists via Dockerfile
- add copy of busybox.links from the container to catch changes to busybox config
- Blacklist creating links for halt, reboot, shutdown commands to avoid accidental use in a fully booted system (bsc#1243201)
- Add getfattr applet to attr filelist
- busybox-udhcpc conflicts with udhcp.
- Add new sub-package for udhcpc
- zgrep: don't set the label option as only the real grep supports it (bsc#1215943)
- Add conflict for coreutils-systemd, package got splitted
- Check in filelists instead of buildrequiring all non-busybox utils
- Replace transitional %usrmerged macro with regular version check (bsc#1206798)
- Create sub-package 'hexedit' [bsc#1203399]
- Create sub-package 'sha3sum' [bsc#1203397]
- Drop update-alternatives support
- Add provides smtp_daemon to busybox-sendmail
- Add conflicts: mawk to busybox-gawk
- fix mkdir path to point to /usr/bin instead of /bin
- add placeholder variable and ignore applet logic to busybox.install
- enable halt, poweroff, reboot commands (bsc#1243201)
- Fully enable udhcpc and document that this tool needs special configuration and does not work out of the box [bsc#1217883]
- Replace transitional %usrmerged macro with regular version check (bsc#1206798)
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202503271-1/
- https://bugzilla.suse.com/1203397
- https://bugzilla.suse.com/1203399
- https://bugzilla.suse.com/1206798
- https://bugzilla.suse.com/1215943
- https://bugzilla.suse.com/1217580
- https://bugzilla.suse.com/1217584
- https://bugzilla.suse.com/1217585
- https://bugzilla.suse.com/1217883
- https://bugzilla.suse.com/1239176
- https://bugzilla.suse.com/1243201
- https://www.suse.com/security/cve/CVE-2023-42363
- https://www.suse.com/security/cve/CVE-2023-42364
- https://www.suse.com/security/cve/CVE-2023-42365
Affected packages
openSUSE:Leap 15.6
busybox
Package
- Name
- busybox
- Purl
- pkg:rpm/opensuse/busybox&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.37.0-150500.10.11.1
Ecosystem specific
{
"binaries": [
{
"busybox-psmisc": "1.37.0-150500.7.7.2",
"busybox-warewulf3": "1.37.0-150500.10.11.1",
"busybox-cpio": "1.37.0-150500.7.7.2",
"busybox-diffutils": "1.37.0-150500.7.7.2",
"busybox-netcat": "1.37.0-150500.7.7.2",
"busybox-testsuite": "1.37.0-150500.10.11.1",
"busybox-util-linux": "1.37.0-150500.7.7.2",
"busybox-unzip": "1.37.0-150500.7.7.2",
"busybox-tftp": "1.37.0-150500.7.7.2",
"busybox-time": "1.37.0-150500.7.7.2",
"busybox-patch": "1.37.0-150500.7.7.2",
"busybox-net-tools": "1.37.0-150500.7.7.2",
"busybox-ncurses-utils": "1.37.0-150500.7.7.2",
"busybox-grep": "1.37.0-150500.7.7.2",
"busybox-dos2unix": "1.37.0-150500.7.7.2",
"busybox-bind-utils": "1.37.0-150500.7.7.2",
"busybox-telnet": "1.37.0-150500.7.7.2",
"busybox-sed": "1.37.0-150500.7.7.2",
"busybox-iproute2": "1.37.0-150500.7.7.2",
"busybox-attr": "1.37.0-150500.7.7.2",
"busybox-ed": "1.37.0-150500.7.7.2",
"busybox-procps": "1.37.0-150500.7.7.2",
"busybox-coreutils": "1.37.0-150500.7.7.2",
"busybox-bc": "1.37.0-150500.7.7.2",
"busybox-findutils": "1.37.0-150500.7.7.2",
"busybox-kbd": "1.37.0-150500.7.7.2",
"busybox-vi": "1.37.0-150500.7.7.2",
"busybox-sysvinit-tools": "1.37.0-150500.7.7.2",
"busybox-sh": "1.37.0-150500.7.7.2",
"busybox-vlan": "1.37.0-150500.7.7.2",
"busybox-xz": "1.37.0-150500.7.7.2",
"busybox-selinux-tools": "1.37.0-150500.7.7.2",
"busybox-syslogd": "1.37.0-150500.7.7.2",
"busybox-bzip2": "1.37.0-150500.7.7.2",
"busybox-iputils": "1.37.0-150500.7.7.2",
"busybox-misc": "1.37.0-150500.7.7.2",
"busybox-gawk": "1.37.0-150500.7.7.2",
"busybox-sharutils": "1.37.0-150500.7.7.2",
"busybox-man": "1.37.0-150500.7.7.2",
"busybox-whois": "1.37.0-150500.7.7.2",
"busybox-gzip": "1.37.0-150500.7.7.2",
"busybox-less": "1.37.0-150500.7.7.2",
"busybox-kmod": "1.37.0-150500.7.7.2",
"busybox-hostname": "1.37.0-150500.7.7.2",
"busybox-traceroute": "1.37.0-150500.7.7.2",
"busybox-links": "1.37.0-150500.7.7.2",
"busybox-policycoreutils": "1.37.0-150500.7.7.2",
"busybox-adduser": "1.37.0-150500.7.7.2",
"busybox-wget": "1.37.0-150500.7.7.2",
"busybox-tunctl": "1.37.0-150500.7.7.2",
"busybox-static": "1.37.0-150500.10.11.1",
"busybox-tar": "1.37.0-150500.7.7.2",
"busybox-sendmail": "1.37.0-150500.7.7.2",
"busybox-which": "1.37.0-150500.7.7.2"
}
]
}busybox-links
Package
- Name
- busybox-links
- Purl
- pkg:rpm/opensuse/busybox-links&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.37.0-150500.7.7.2
Ecosystem specific
{
"binaries": [
{
"busybox-psmisc": "1.37.0-150500.7.7.2",
"busybox-warewulf3": "1.37.0-150500.10.11.1",
"busybox-cpio": "1.37.0-150500.7.7.2",
"busybox-diffutils": "1.37.0-150500.7.7.2",
"busybox-netcat": "1.37.0-150500.7.7.2",
"busybox-testsuite": "1.37.0-150500.10.11.1",
"busybox-util-linux": "1.37.0-150500.7.7.2",
"busybox-unzip": "1.37.0-150500.7.7.2",
"busybox-tftp": "1.37.0-150500.7.7.2",
"busybox-time": "1.37.0-150500.7.7.2",
"busybox-patch": "1.37.0-150500.7.7.2",
"busybox-net-tools": "1.37.0-150500.7.7.2",
"busybox-ncurses-utils": "1.37.0-150500.7.7.2",
"busybox-grep": "1.37.0-150500.7.7.2",
"busybox-dos2unix": "1.37.0-150500.7.7.2",
"busybox-bind-utils": "1.37.0-150500.7.7.2",
"busybox-telnet": "1.37.0-150500.7.7.2",
"busybox-sed": "1.37.0-150500.7.7.2",
"busybox-iproute2": "1.37.0-150500.7.7.2",
"busybox-attr": "1.37.0-150500.7.7.2",
"busybox-ed": "1.37.0-150500.7.7.2",
"busybox-procps": "1.37.0-150500.7.7.2",
"busybox-coreutils": "1.37.0-150500.7.7.2",
"busybox-bc": "1.37.0-150500.7.7.2",
"busybox-findutils": "1.37.0-150500.7.7.2",
"busybox-kbd": "1.37.0-150500.7.7.2",
"busybox-vi": "1.37.0-150500.7.7.2",
"busybox-sysvinit-tools": "1.37.0-150500.7.7.2",
"busybox-sh": "1.37.0-150500.7.7.2",
"busybox-vlan": "1.37.0-150500.7.7.2",
"busybox-xz": "1.37.0-150500.7.7.2",
"busybox-selinux-tools": "1.37.0-150500.7.7.2",
"busybox-syslogd": "1.37.0-150500.7.7.2",
"busybox-bzip2": "1.37.0-150500.7.7.2",
"busybox-iputils": "1.37.0-150500.7.7.2",
"busybox-misc": "1.37.0-150500.7.7.2",
"busybox-gawk": "1.37.0-150500.7.7.2",
"busybox-sharutils": "1.37.0-150500.7.7.2",
"busybox-man": "1.37.0-150500.7.7.2",
"busybox-whois": "1.37.0-150500.7.7.2",
"busybox-gzip": "1.37.0-150500.7.7.2",
"busybox-less": "1.37.0-150500.7.7.2",
"busybox-kmod": "1.37.0-150500.7.7.2",
"busybox-hostname": "1.37.0-150500.7.7.2",
"busybox-traceroute": "1.37.0-150500.7.7.2",
"busybox-links": "1.37.0-150500.7.7.2",
"busybox-policycoreutils": "1.37.0-150500.7.7.2",
"busybox-adduser": "1.37.0-150500.7.7.2",
"busybox-wget": "1.37.0-150500.7.7.2",
"busybox-tunctl": "1.37.0-150500.7.7.2",
"busybox-static": "1.37.0-150500.10.11.1",
"busybox-tar": "1.37.0-150500.7.7.2",
"busybox-sendmail": "1.37.0-150500.7.7.2",
"busybox-which": "1.37.0-150500.7.7.2"
}
]
}