[Bug 1953337] Re: Backport needed for 18.04 and 20.04 LTS (CVE-2021-42378)
Marc Deslauriers
1953337 at bugs.launchpad.net
Mon Dec 6 12:22:15 UTC 2021
It's "low" because I don't believe our use of busybox runs untrusted awk
scripts.
There are test packages available in the security team PPA here:
https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages
They will probably be released this week.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1953337
Title:
Backport needed for 18.04 and 20.04 LTS (CVE-2021-42378)
Status in busybox package in Ubuntu:
New
Bug description:
Dear community,
Qualys reports a finding on our Ubuntu 18.04 and Ubuntu 20.04 instances because of CVE-2021-42378.
I can see that there is already a fix for Ubuntu 22.04. When will the fix be released for the LTS versions 18.04 and 20.04?
I can see the finding is monitored at
https://ubuntu.com/security/CVE-2021-42378, but the CVSS3 scoring is
7.2, so I think the rating "high" would be better. Or is there any
reason why "low" is ok?
Thanks in advance.
Best regards.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1953337/+subscriptions
More information about the foundations-bugs
mailing list