[Secure-testing-team] Bug#879732: CVE-2017-15874 / CVE-2017-15873
Moritz Muehlenhoff
jmm at debian.org
Wed Oct 25 06:52:34 UTC 2017
Package: busybox
Version: 1:1.27.2-1
Severity: important
Tags: security
Hi,
please see:
CVE-2017-15873
The get_next_block function in archival/libarchive/decompress_bunzip2.c
in BusyBox 1.27.2 has an Integer Overflow that may lead to a write
access violation.
https://bugs.busybox.net/show_bug.cgi?id=10431
https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0
CVE-2017-15874
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer
Underflow that leads to a read access violation.
https://bugs.busybox.net/show_bug.cgi?id=10436
Cheers,
Moritz
More information about the Secure-testing-team
mailing list