[SECURITY] Fedora Core 4 Update: busybox-1.00-5.fc4

Ivana Varekova varekova at redhat.com
Thu May 4 18:12:18 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-511
2006-05-04
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : busybox
Version     : 1.00                      
Release     : 5.fc4                  
Summary     : Statically linked binary providing simplified versions of system commands
Description :
Busybox is a single binary which includes versions of a large number
of system commands, including a shell.  This package can be very
useful for recovering from certain types of system failures,
particularly those involving broken shared libraries.

---------------------------------------------------------------------
Update Information:

The BusyBox passwd command does not use a proper salt when
generating passwords. This would create an instance where a
brute force attack could take very little time.
This problem is fixed in busybox-1.00-5.fc4.
---------------------------------------------------------------------
* Thu May  4 2006 Ivana Varekova <varekova at redhat.com> - 1.00-5.fc4
-  fix CVE-2006-1058 - BusyBox passwd command
  fails to generate password with salt (#187386)
* Wed May 11 2005 Ivana Varekova <varekova at redhat.com> - 1.00-5
- add debug files to debug_package

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

ee47688b9585066db30b812f687c13104a37287f  SRPMS/busybox-1.00-5.fc4.src.rpm
405afe850ed3b1c5725632781b921d759035228a  ppc/busybox-1.00-5.fc4.ppc.rpm
5142636e20492d2b122d15f64fea845daf9d801c  ppc/busybox-anaconda-1.00-5.fc4.ppc.rpm
2021899a3a4c991e6cf73d8ab7ad25fa518df155  ppc/debug/busybox-debuginfo-1.00-5.fc4.ppc.rpm
1ad9c5d5a48f8544a42bed7298a242df565d6de5  x86_64/busybox-1.00-5.fc4.x86_64.rpm
5400cd9dce94e42f78845c95bf57e08312c6f61d  x86_64/busybox-anaconda-1.00-5.fc4.x86_64.rpm
0755c1e0670e6ebad62999c25727eadda6322e44  x86_64/debug/busybox-debuginfo-1.00-5.fc4.x86_64.rpm
dad52b5f072ca10de348508350145cffc66b7e7b  i386/busybox-1.00-5.fc4.i386.rpm
4c73624a3d5426261cb626734071575258765e3a  i386/busybox-anaconda-1.00-5.fc4.i386.rpm
bdbe33bacd443aed302b5242dbb72103c7e1ad6f  i386/debug/busybox-debuginfo-1.00-5.fc4.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------




More information about the Fedora-package-announce mailing list