[Bug 1953337] Re: Backport needed for 18.04 and 20.04 LTS (CVE-2021-42378)

Marc Deslauriers 1953337 at bugs.launchpad.net
Mon Dec 6 12:22:15 UTC 2021


It's "low" because I don't believe our use of busybox runs untrusted awk
scripts.

There are test packages available in the security team PPA here:

https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages

They will probably be released this week.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1953337

Title:
  Backport needed for 18.04 and 20.04 LTS (CVE-2021-42378)

Status in busybox package in Ubuntu:
  New

Bug description:
  Dear community,

  Qualys reports a finding on our Ubuntu 18.04 and Ubuntu 20.04 instances because of CVE-2021-42378.
  I can see that there is already a fix for Ubuntu 22.04. When will the fix be released for the LTS versions 18.04 and 20.04?

  I can see the finding is monitored at
  https://ubuntu.com/security/CVE-2021-42378, but the CVSS3 scoring is
  7.2, so I think the rating "high" would be better. Or is there any
  reason why "low" is ok?

  Thanks in advance.

  Best regards.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1953337/+subscriptions




More information about the foundations-bugs mailing list