USN-4531-1: BusyBox vulnerability

22 September 2020

Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

Releases

Packages

  • busybox - Tiny utilities for small and embedded systems

Details

It was discovered that the BusyBox wget applet incorrectly validated SSL
certificates. A remote attacker could possibly use this issue to intercept
secure communications.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04
Ubuntu 18.04

In general, a standard system update will make all the necessary changes.

References