RHSA-2007:0244 - Security Advisory
Low: busybox security update
Security Advisory: Low
Updated busybox packages that fix a security issue are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Busybox is a single binary which includes versions of a large number of
system commands, including a shell. This package can be useful for
recovering from certain types of system failures.
BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password file.
All users of busybox are advised to upgrade to these updated packages,
which contain a patch to resolve this issue.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
- BZ - 187385 - CVE-2006-1058 BusyBox passwd command fails to generate password with salt
Red Hat Enterprise Linux for Power, big endian 4