[Bug 1953337] [NEW] Backport needed for 18.04 and 20.04 LTS (CVE-2021-42378)
Jason-Morries Adam
1953337 at bugs.launchpad.net
Mon Dec 6 11:26:52 UTC 2021
*** This bug is a security vulnerability ***
Public security bug reported:
Dear community,
Qualys reports a finding on our Ubuntu 18.04 and Ubuntu 20.04 instances because of CVE-2021-42378.
I can see that there is already a fix for Ubuntu 22.04. When will the fix be released for the LTS versions 18.04 and 20.04?
I can see the finding is monitored at
https://ubuntu.com/security/CVE-2021-42378, but the CVSS3 scoring is
7.2, so I think the rating "high" would be better. Or is there any
reason why "low" is ok?
Thanks in advance.
Best regards.
** Affects: busybox (Ubuntu)
Importance: Undecided
Status: New
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42378
** Information type changed from Private Security to Public Security
** Information type changed from Public Security to Private Security
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1953337
Title:
Backport needed for 18.04 and 20.04 LTS (CVE-2021-42378)
Status in busybox package in Ubuntu:
New
Bug description:
Dear community,
Qualys reports a finding on our Ubuntu 18.04 and Ubuntu 20.04 instances because of CVE-2021-42378.
I can see that there is already a fix for Ubuntu 22.04. When will the fix be released for the LTS versions 18.04 and 20.04?
I can see the finding is monitored at
https://ubuntu.com/security/CVE-2021-42378, but the CVSS3 scoring is
7.2, so I think the rating "high" would be better. Or is there any
reason why "low" is ok?
Thanks in advance.
Best regards.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1953337/+subscriptions
More information about the foundations-bugs
mailing list