An issue fixed upstream in busybox was posted to oss-security on October 25:
http://seclists.org/oss-sec/2015/q4/158

MITRE declined to assign a CVE for now:
http://openwall.com/lists/oss-security/2015/10/29/2

Debian-LTS has issued an advisory for this on October 31:
http://lwn.net/Alerts/662740/

I've already included the patch in Cauldron and it's checked into Mageia 5 SVN. Any future update will include this fix.
Assigning to yourself David, since you've already patched the package for this issue.
Assignee: bugsquad => luigiwalser
Two more busybox fixes were posted to oss-security on March 11:
http://openwall.com/lists/oss-security/2016/03/11/16

They are CVE-2016-2147 and CVE-2016-2148. They don't sound very serious either. Fixed in Cauldron and patched in Mageia 5 SVN.
Summary: busybox new DoS issue in unzip command => busybox new DoS issue in unzip command and udhcp issues CVE-2016-214[78]
Depends on: (none) => 19128
Fixes included in the Bug 19128 update.
Marking as FIXED.
Status: NEW => RESOLVED
Resolution: (none) => FIXED
LWN reference for CVE-2016-214[78]: https://lwn.net/Vulnerabilities/708152/