Bug 14182

Summary:	busybox 1.36.1 CVEs found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Preinstalled software in the ISO	Assignee:	ROSA Linux Bugs <bugs>
Status:	RESOLVED WONTFIX	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	i.gaptrakhmanov
Version:	All	Flags:	v.potapov: secteam_verified?
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2023-42363,CVE-2023-42364,CVE-2023-42365,CVE-2023-42366
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-28 11:00:32 MSK

https://nvd.nist.gov/vuln/detail/CVE-2023-42363 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-42364 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-42365 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-42366 exploit!

Comment 1 ilfat 2024-01-15 13:28:45 MSK

There are currently no fixes for these vulnerabilities.

https://security-tracker.debian.org/tracker/CVE-2023-42363
https://security-tracker.debian.org/tracker/CVE-2023-42364
https://security-tracker.debian.org/tracker/CVE-2023-42365
https://security-tracker.debian.org/tracker/CVE-2023-42366

Comment 2 Vladimir Potapov 2024-01-17 17:37:41 MSK

минорная ошибка https://security-tracker.debian.org/tracker/CVE-2023-42363
minor issue https://security-tracker.debian.org/tracker/CVE-2023-42364
minor issue https://security-tracker.debian.org/tracker/CVE-2023-42365
minor issue https://security-tracker.debian.org/tracker/CVE-2023-42366