USN-4531-1: BusyBox vulnerability
22 September 2020
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Releases
Packages
- busybox - Tiny utilities for small and embedded systems
Details
It was discovered that the BusyBox wget applet incorrectly validated SSL
certificates. A remote attacker could possibly use this issue to intercept
secure communications.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
busybox
-
1:1.30.1-4ubuntu6.2
-
busybox-initramfs
-
1:1.30.1-4ubuntu6.2
-
busybox-static
-
1:1.30.1-4ubuntu6.2
Ubuntu 18.04
-
busybox
-
1:1.27.2-2ubuntu3.3
-
busybox-initramfs
-
1:1.27.2-2ubuntu3.3
-
busybox-static
-
1:1.27.2-2ubuntu3.3
In general, a standard system update will make all the necessary changes.