Ubuntu has issued an advisory today (September 22): https://ubuntu.com/security/notices/USN-4531-1 The issue is fixed upstream in 1.32.0.
Assigning this to you, Stig, as the principle recent committer of this SRPM.
Assignee: bugsquad => smelror
Thanks Lewis. This package belongs to Shlomi. Assigning to him as I do not have the time to take of this at the moment.
Assignee: smelror => shlomif
*** Bug 27734 has been marked as a duplicate of this bug. ***
CC: (none) => zombie_ryushu
Assignee: shlomif => pkg-bugs
Status comment: (none) => Patch available from Ubuntu
Suggested advisory: ======================== The updated packages fix a security vulnerability: Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". (CVE-2018-1000500) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000500 https://ubuntu.com/security/notices/USN-4531-1 ======================== Updated packages in core/updates_testing: ======================== busybox-1.30.1-1.1.mga7 busybox-static-1.30.1-1.1.mga7 from SRPM: busybox-1.30.1-1.1.mga7.src.rpm
Status comment: Patch available from Ubuntu => (none)CC: (none) => nicolas.salgueroCVE: (none) => CVE-2018-1000500Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugs
Installed and tested without issues. Tested a bunch of busybox commands (applets as called in busybox), including wget. Tested both dynamic and static busybox packages. No issues noticed. System: Mageia 7, x86_64, Intel CPU. $ uname -a Linux marte 5.7.19-desktop-3.mga7 #1 SMP Sun Oct 18 15:46:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep busybox busybox-1.30.1-1.1.mga7 busybox-static-1.30.1-1.1.mga7
CC: (none) => mageiaWhiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 4.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Advisory pushed to SVN.
Keywords: (none) => advisoryCC: (none) => ouaurelien
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0009.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED