Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2012:0308 - Security Advisory
Issued:
2012-02-21
Updated:
2012-02-21

RHSA-2012:0308 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: busybox security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated busybox packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
compression. If a user were tricked into expanding a specially-crafted
archive file with uncompress, it could cause BusyBox to crash or,
potentially, execute arbitrary code with the privileges of the user running
BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname. A
malicious DHCP server could send such an option with a specially-crafted
value to a DHCP client. If this option's value was saved on the client
system, and then later insecurely evaluated by a process that assumes the
option is trusted, it could lead to arbitrary code execution with the
privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
Linux by default, and no DHCP client script is provided with the busybox
packages. (CVE-2011-2716)

This update also fixes the following bugs:

  • Prior to this update, the cp command wrongly returned the exit code 0 to

indicate success if a device ran out of space while attempting to copy
files of more than 4 gigabytes. This update modifies BusyBox, so that in
such situations, the exit code 1 is returned. Now, the cp command shows
correctly whether a process failed. (BZ#689659)

  • Prior to this update, the findfs command failed to check all existing

block devices on a system with thousands of block device nodes in "/dev/".
This update modifies BusyBox so that findfs checks all block devices even
in this case. (BZ#756723)

All users of busybox are advised to upgrade to these updated packages,
which correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 201919 - CVE-2006-1168 ncompress: .bss buffer underflow in decompression
  • BZ - 689659 - "busybox cp" does not return a correct exit code when "No space left on device"
  • BZ - 725364 - CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options

CVEs

  • CVE-2006-1168
  • CVE-2011-2716

References

  • https://access.redhat.com/security/updates/classification/#low
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
busybox-1.2.0-13.el5.src.rpm SHA-256: 8ee9908e230d174f6ef3ac6d5f62ef770524d4d1b1cfe576373ffdaa199c6cd7
x86_64
busybox-1.2.0-13.el5.x86_64.rpm SHA-256: 8abbbde458515dfdde502f57bb6fe2a7f1db7548d6453e7d383eaf0fadb3e177
busybox-anaconda-1.2.0-13.el5.x86_64.rpm SHA-256: bebec61ba88cce8643d919742e50e73a0e8a5d31df6c7d1c9068e75ff53579d4
ia64
busybox-1.2.0-13.el5.ia64.rpm SHA-256: 8c6267898ca584dee6a52ccf1737fa284daeae15448ec2f4049f56a89144ab07
busybox-anaconda-1.2.0-13.el5.ia64.rpm SHA-256: 1cacf4304ed2742d4bf6d8a9c7582784526df2210017ae95ea940e416a894e5e
i386
busybox-1.2.0-13.el5.i386.rpm SHA-256: e1aaa1726ad230c8a35d93e723be165c266eb2194511e552ce0fe345430c624d
busybox-anaconda-1.2.0-13.el5.i386.rpm SHA-256: 332bbecb9a82f3303c16ab00982d246b79f5e57ac6b9b018f8c924fcbae6534b

Red Hat Enterprise Linux Workstation 5

SRPM
busybox-1.2.0-13.el5.src.rpm SHA-256: 8ee9908e230d174f6ef3ac6d5f62ef770524d4d1b1cfe576373ffdaa199c6cd7
x86_64
busybox-1.2.0-13.el5.x86_64.rpm SHA-256: 8abbbde458515dfdde502f57bb6fe2a7f1db7548d6453e7d383eaf0fadb3e177
busybox-anaconda-1.2.0-13.el5.x86_64.rpm SHA-256: bebec61ba88cce8643d919742e50e73a0e8a5d31df6c7d1c9068e75ff53579d4
i386
busybox-1.2.0-13.el5.i386.rpm SHA-256: e1aaa1726ad230c8a35d93e723be165c266eb2194511e552ce0fe345430c624d
busybox-anaconda-1.2.0-13.el5.i386.rpm SHA-256: 332bbecb9a82f3303c16ab00982d246b79f5e57ac6b9b018f8c924fcbae6534b

Red Hat Enterprise Linux Desktop 5

SRPM
busybox-1.2.0-13.el5.src.rpm SHA-256: 8ee9908e230d174f6ef3ac6d5f62ef770524d4d1b1cfe576373ffdaa199c6cd7
x86_64
busybox-1.2.0-13.el5.x86_64.rpm SHA-256: 8abbbde458515dfdde502f57bb6fe2a7f1db7548d6453e7d383eaf0fadb3e177
busybox-anaconda-1.2.0-13.el5.x86_64.rpm SHA-256: bebec61ba88cce8643d919742e50e73a0e8a5d31df6c7d1c9068e75ff53579d4
i386
busybox-1.2.0-13.el5.i386.rpm SHA-256: e1aaa1726ad230c8a35d93e723be165c266eb2194511e552ce0fe345430c624d
busybox-anaconda-1.2.0-13.el5.i386.rpm SHA-256: 332bbecb9a82f3303c16ab00982d246b79f5e57ac6b9b018f8c924fcbae6534b

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
busybox-1.2.0-13.el5.src.rpm SHA-256: 8ee9908e230d174f6ef3ac6d5f62ef770524d4d1b1cfe576373ffdaa199c6cd7
s390x
busybox-1.2.0-13.el5.s390x.rpm SHA-256: c523c41f09473e6e87b0de4abb255f46a6d18871763104e18bab8c353ba594ab
busybox-anaconda-1.2.0-13.el5.s390x.rpm SHA-256: 346ca103045c2881ff2f672ec9a4046d011ebfc97b39ad28c09bc4573c3b3247

Red Hat Enterprise Linux for Power, big endian 5

SRPM
busybox-1.2.0-13.el5.src.rpm SHA-256: 8ee9908e230d174f6ef3ac6d5f62ef770524d4d1b1cfe576373ffdaa199c6cd7
ppc
busybox-1.2.0-13.el5.ppc.rpm SHA-256: 94669ac7d72765a8e11d0f18cbb99d5b080137fb7082507679c96b97021d2860
busybox-anaconda-1.2.0-13.el5.ppc.rpm SHA-256: ef2e6efe39dd1d3eb0bfb71fa7d74e8748419cbca5670144c35d23d3cdf4a470

Red Hat Enterprise Linux Server from RHUI 5

SRPM
busybox-1.2.0-13.el5.src.rpm SHA-256: 8ee9908e230d174f6ef3ac6d5f62ef770524d4d1b1cfe576373ffdaa199c6cd7
x86_64
busybox-1.2.0-13.el5.x86_64.rpm SHA-256: 8abbbde458515dfdde502f57bb6fe2a7f1db7548d6453e7d383eaf0fadb3e177
busybox-anaconda-1.2.0-13.el5.x86_64.rpm SHA-256: bebec61ba88cce8643d919742e50e73a0e8a5d31df6c7d1c9068e75ff53579d4
i386
busybox-1.2.0-13.el5.i386.rpm SHA-256: e1aaa1726ad230c8a35d93e723be165c266eb2194511e552ce0fe345430c624d
busybox-anaconda-1.2.0-13.el5.i386.rpm SHA-256: 332bbecb9a82f3303c16ab00982d246b79f5e57ac6b9b018f8c924fcbae6534b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility