{"affected":[{"ecosystem_specific":{"binaries":[{"busybox":"1.37.0-150500.10.11.1","busybox-adduser":"1.37.0-150500.7.7.2","busybox-attr":"1.37.0-150500.7.7.2","busybox-bc":"1.37.0-150500.7.7.2","busybox-bind-utils":"1.37.0-150500.7.7.2","busybox-bzip2":"1.37.0-150500.7.7.2","busybox-coreutils":"1.37.0-150500.7.7.2","busybox-cpio":"1.37.0-150500.7.7.2","busybox-diffutils":"1.37.0-150500.7.7.2","busybox-dos2unix":"1.37.0-150500.7.7.2","busybox-ed":"1.37.0-150500.7.7.2","busybox-findutils":"1.37.0-150500.7.7.2","busybox-gawk":"1.37.0-150500.7.7.2","busybox-grep":"1.37.0-150500.7.7.2","busybox-gzip":"1.37.0-150500.7.7.2","busybox-hexedit":"1.37.0-150500.7.7.2","busybox-hostname":"1.37.0-150500.7.7.2","busybox-iproute2":"1.37.0-150500.7.7.2","busybox-iputils":"1.37.0-150500.7.7.2","busybox-kbd":"1.37.0-150500.7.7.2","busybox-kmod":"1.37.0-150500.7.7.2","busybox-less":"1.37.0-150500.7.7.2","busybox-links":"1.37.0-150500.7.7.2","busybox-man":"1.37.0-150500.7.7.2","busybox-misc":"1.37.0-150500.7.7.2","busybox-ncurses-utils":"1.37.0-150500.7.7.2","busybox-net-tools":"1.37.0-150500.7.7.2","busybox-netcat":"1.37.0-150500.7.7.2","busybox-patch":"1.37.0-150500.7.7.2","busybox-policycoreutils":"1.37.0-150500.7.7.2","busybox-procps":"1.37.0-150500.7.7.2","busybox-psmisc":"1.37.0-150500.7.7.2","busybox-sed":"1.37.0-150500.7.7.2","busybox-selinux-tools":"1.37.0-150500.7.7.2","busybox-sendmail":"1.37.0-150500.7.7.2","busybox-sh":"1.37.0-150500.7.7.2","busybox-sha3sum":"1.37.0-150500.7.7.2","busybox-sharutils":"1.37.0-150500.7.7.2","busybox-static":"1.37.0-150500.10.11.1","busybox-syslogd":"1.37.0-150500.7.7.2","busybox-sysvinit-tools":"1.37.0-150500.7.7.2","busybox-tar":"1.37.0-150500.7.7.2","busybox-telnet":"1.37.0-150500.7.7.2","busybox-testsuite":"1.37.0-150500.10.11.1","busybox-tftp":"1.37.0-150500.7.7.2","busybox-time":"1.37.0-150500.7.7.2","busybox-traceroute":"1.37.0-150500.7.7.2","busybox-tunctl":"1.37.0-150500.7.7.2","busybox-udhcpc":"1.37.0-150500.7.7.2","busybox-unzip":"1.37.0-150500.7.7.2","busybox-util-linux":"1.37.0-150500.7.7.2","busybox-vi":"1.37.0-150500.7.7.2","busybox-vlan":"1.37.0-150500.7.7.2","busybox-warewulf3":"1.37.0-150500.10.11.1","busybox-wget":"1.37.0-150500.7.7.2","busybox-which":"1.37.0-150500.7.7.2","busybox-whois":"1.37.0-150500.7.7.2","busybox-xz":"1.37.0-150500.7.7.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"busybox","purl":"pkg:rpm/opensuse/busybox&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.37.0-150500.10.11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"busybox":"1.37.0-150500.10.11.1","busybox-adduser":"1.37.0-150500.7.7.2","busybox-attr":"1.37.0-150500.7.7.2","busybox-bc":"1.37.0-150500.7.7.2","busybox-bind-utils":"1.37.0-150500.7.7.2","busybox-bzip2":"1.37.0-150500.7.7.2","busybox-coreutils":"1.37.0-150500.7.7.2","busybox-cpio":"1.37.0-150500.7.7.2","busybox-diffutils":"1.37.0-150500.7.7.2","busybox-dos2unix":"1.37.0-150500.7.7.2","busybox-ed":"1.37.0-150500.7.7.2","busybox-findutils":"1.37.0-150500.7.7.2","busybox-gawk":"1.37.0-150500.7.7.2","busybox-grep":"1.37.0-150500.7.7.2","busybox-gzip":"1.37.0-150500.7.7.2","busybox-hexedit":"1.37.0-150500.7.7.2","busybox-hostname":"1.37.0-150500.7.7.2","busybox-iproute2":"1.37.0-150500.7.7.2","busybox-iputils":"1.37.0-150500.7.7.2","busybox-kbd":"1.37.0-150500.7.7.2","busybox-kmod":"1.37.0-150500.7.7.2","busybox-less":"1.37.0-150500.7.7.2","busybox-links":"1.37.0-150500.7.7.2","busybox-man":"1.37.0-150500.7.7.2","busybox-misc":"1.37.0-150500.7.7.2","busybox-ncurses-utils":"1.37.0-150500.7.7.2","busybox-net-tools":"1.37.0-150500.7.7.2","busybox-netcat":"1.37.0-150500.7.7.2","busybox-patch":"1.37.0-150500.7.7.2","busybox-policycoreutils":"1.37.0-150500.7.7.2","busybox-procps":"1.37.0-150500.7.7.2","busybox-psmisc":"1.37.0-150500.7.7.2","busybox-sed":"1.37.0-150500.7.7.2","busybox-selinux-tools":"1.37.0-150500.7.7.2","busybox-sendmail":"1.37.0-150500.7.7.2","busybox-sh":"1.37.0-150500.7.7.2","busybox-sha3sum":"1.37.0-150500.7.7.2","busybox-sharutils":"1.37.0-150500.7.7.2","busybox-static":"1.37.0-150500.10.11.1","busybox-syslogd":"1.37.0-150500.7.7.2","busybox-sysvinit-tools":"1.37.0-150500.7.7.2","busybox-tar":"1.37.0-150500.7.7.2","busybox-telnet":"1.37.0-150500.7.7.2","busybox-testsuite":"1.37.0-150500.10.11.1","busybox-tftp":"1.37.0-150500.7.7.2","busybox-time":"1.37.0-150500.7.7.2","busybox-traceroute":"1.37.0-150500.7.7.2","busybox-tunctl":"1.37.0-150500.7.7.2","busybox-udhcpc":"1.37.0-150500.7.7.2","busybox-unzip":"1.37.0-150500.7.7.2","busybox-util-linux":"1.37.0-150500.7.7.2","busybox-vi":"1.37.0-150500.7.7.2","busybox-vlan":"1.37.0-150500.7.7.2","busybox-warewulf3":"1.37.0-150500.10.11.1","busybox-wget":"1.37.0-150500.7.7.2","busybox-which":"1.37.0-150500.7.7.2","busybox-whois":"1.37.0-150500.7.7.2","busybox-xz":"1.37.0-150500.7.7.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"busybox-links","purl":"pkg:rpm/opensuse/busybox-links&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.37.0-150500.7.7.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for busybox, busybox-links fixes the following issues:\n\nUpdated to version 1.37.0 (jsc#PED-13039):\n\n  - CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580)\n  - CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584)\n  - CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585)\n\nOther fixes:\n\n  - fix generation of file lists via Dockerfile \n  - add copy of busybox.links from the container to catch changes\n    to busybox config\n  - Blacklist creating links for halt, reboot, shutdown commands to avoid accidental\n    use in a fully booted system (bsc#1243201) \n  - Add getfattr applet to attr filelist\n  - busybox-udhcpc conflicts with udhcp.\n  - Add new sub-package for udhcpc\n  - zgrep: don't set the label option as only the real grep\n    supports it (bsc#1215943)\n  - Add conflict for coreutils-systemd, package got splitted\n  - Check in filelists instead of buildrequiring all non-busybox utils\n  - Replace transitional %usrmerged macro with regular version check (bsc#1206798)\n  - Create sub-package 'hexedit' [bsc#1203399]\n  - Create sub-package 'sha3sum' [bsc#1203397]\n  - Drop update-alternatives support\n  - Add provides smtp_daemon to busybox-sendmail\n  - Add conflicts: mawk to busybox-gawk\n  - fix mkdir path to point to /usr/bin instead of /bin\n  - add placeholder variable and ignore applet logic to busybox.install \n  - enable halt, poweroff, reboot commands (bsc#1243201) \n  - Fully enable udhcpc and document that this tool needs special\n    configuration and does not work out of the box [bsc#1217883]\n  - Replace transitional %usrmerged macro with regular version check (bsc#1206798)\n","id":"SUSE-SU-2025:03271-2","modified":"2025-09-23T14:03:30Z","published":"2025-09-23T14:03:30Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202503271-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203397"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203399"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206798"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215943"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217580"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217584"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217585"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217883"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239176"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243201"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-42363"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-42364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-42365"}],"related":["CVE-2023-42363","CVE-2023-42364","CVE-2023-42365"],"summary":"Security update for busybox, busybox-links","upstream":["CVE-2023-42363","CVE-2023-42364","CVE-2023-42365"]}