Security update for busybox, busybox-links SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:03271-1 Final 1 1 2025-09-18T13:33:50Z current 2025-09-18T13:33:50Z 2025-09-18T13:33:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for busybox, busybox-links This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 (jsc#PED-13039): - CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580) - CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584) - CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585) Other fixes: - fix generation of file lists via Dockerfile - add copy of busybox.links from the container to catch changes to busybox config - Blacklist creating links for halt, reboot, shutdown commands to avoid accidental use in a fully booted system (bsc#1243201) - Add getfattr applet to attr filelist - busybox-udhcpc conflicts with udhcp. - Add new sub-package for udhcpc - zgrep: don't set the label option as only the real grep supports it (bsc#1215943) - Add conflict for coreutils-systemd, package got splitted - Check in filelists instead of buildrequiring all non-busybox utils - Replace transitional %usrmerged macro with regular version check (bsc#1206798) - Create sub-package 'hexedit' [bsc#1203399] - Create sub-package 'sha3sum' [bsc#1203397] - Drop update-alternatives support - Add provides smtp_daemon to busybox-sendmail - Add conflicts: mawk to busybox-gawk - fix mkdir path to point to /usr/bin instead of /bin - add placeholder variable and ignore applet logic to busybox.install - enable halt, poweroff, reboot commands (bsc#1243201) - Fully enable udhcpc and document that this tool needs special configuration and does not work out of the box [bsc#1217883] - Replace transitional %usrmerged macro with regular version check (bsc#1206798) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3271,SUSE-SLE-Module-Basesystem-15-SP6-2025-3271,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3271,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3271,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3271,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3271,openSUSE-SLE-15.6-2025-3271 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202503271-1/ Link for SUSE-SU-2025:03271-1 https://lists.suse.com/pipermail/sle-updates/2025-September/041774.html E-Mail link for SUSE-SU-2025:03271-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1203397 SUSE Bug 1203397 https://bugzilla.suse.com/1203399 SUSE Bug 1203399 https://bugzilla.suse.com/1206798 SUSE Bug 1206798 https://bugzilla.suse.com/1215943 SUSE Bug 1215943 https://bugzilla.suse.com/1217580 SUSE Bug 1217580 https://bugzilla.suse.com/1217584 SUSE Bug 1217584 https://bugzilla.suse.com/1217585 SUSE Bug 1217585 https://bugzilla.suse.com/1217883 SUSE Bug 1217883 https://bugzilla.suse.com/1239176 SUSE Bug 1239176 https://bugzilla.suse.com/1243201 SUSE Bug 1243201 https://www.suse.com/security/cve/CVE-2023-42363/ SUSE CVE CVE-2023-42363 page https://www.suse.com/security/cve/CVE-2023-42364/ SUSE CVE CVE-2023-42364 page https://www.suse.com/security/cve/CVE-2023-42365/ SUSE CVE CVE-2023-42365 page SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP5 openSUSE Leap 15.6 busybox-1.37.0-150500.10.11.1 busybox-adduser-1.37.0-150500.7.7.2 busybox-attr-1.37.0-150500.7.7.2 busybox-bc-1.37.0-150500.7.7.2 busybox-bind-utils-1.37.0-150500.7.7.2 busybox-bzip2-1.37.0-150500.7.7.2 busybox-coreutils-1.37.0-150500.7.7.2 busybox-cpio-1.37.0-150500.7.7.2 busybox-diffutils-1.37.0-150500.7.7.2 busybox-dos2unix-1.37.0-150500.7.7.2 busybox-ed-1.37.0-150500.7.7.2 busybox-findutils-1.37.0-150500.7.7.2 busybox-gawk-1.37.0-150500.7.7.2 busybox-grep-1.37.0-150500.7.7.2 busybox-gzip-1.37.0-150500.7.7.2 busybox-hexedit-1.37.0-150500.7.7.2 busybox-hostname-1.37.0-150500.7.7.2 busybox-iproute2-1.37.0-150500.7.7.2 busybox-iputils-1.37.0-150500.7.7.2 busybox-kbd-1.37.0-150500.7.7.2 busybox-kmod-1.37.0-150500.7.7.2 busybox-less-1.37.0-150500.7.7.2 busybox-links-1.37.0-150500.7.7.2 busybox-man-1.37.0-150500.7.7.2 busybox-misc-1.37.0-150500.7.7.2 busybox-ncurses-utils-1.37.0-150500.7.7.2 busybox-net-tools-1.37.0-150500.7.7.2 busybox-netcat-1.37.0-150500.7.7.2 busybox-patch-1.37.0-150500.7.7.2 busybox-policycoreutils-1.37.0-150500.7.7.2 busybox-procps-1.37.0-150500.7.7.2 busybox-psmisc-1.37.0-150500.7.7.2 busybox-sed-1.37.0-150500.7.7.2 busybox-selinux-tools-1.37.0-150500.7.7.2 busybox-sendmail-1.37.0-150500.7.7.2 busybox-sh-1.37.0-150500.7.7.2 busybox-sha3sum-1.37.0-150500.7.7.2 busybox-sharutils-1.37.0-150500.7.7.2 busybox-static-1.37.0-150500.10.11.1 busybox-syslogd-1.37.0-150500.7.7.2 busybox-sysvinit-tools-1.37.0-150500.7.7.2 busybox-tar-1.37.0-150500.7.7.2 busybox-telnet-1.37.0-150500.7.7.2 busybox-testsuite-1.37.0-150500.10.11.1 busybox-tftp-1.37.0-150500.7.7.2 busybox-time-1.37.0-150500.7.7.2 busybox-traceroute-1.37.0-150500.7.7.2 busybox-tunctl-1.37.0-150500.7.7.2 busybox-udhcpc-1.37.0-150500.7.7.2 busybox-unzip-1.37.0-150500.7.7.2 busybox-util-linux-1.37.0-150500.7.7.2 busybox-vi-1.37.0-150500.7.7.2 busybox-vlan-1.37.0-150500.7.7.2 busybox-warewulf3-1.37.0-150500.10.11.1 busybox-wget-1.37.0-150500.7.7.2 busybox-which-1.37.0-150500.7.7.2 busybox-whois-1.37.0-150500.7.7.2 busybox-xz-1.37.0-150500.7.7.2 busybox-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS busybox-static-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS busybox-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS busybox-static-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS busybox-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 busybox-static-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 busybox-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS busybox-static-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS busybox-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 busybox-static-1.37.0-150500.10.11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 busybox-adduser-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-attr-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-bc-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-bind-utils-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-bzip2-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-coreutils-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-cpio-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-diffutils-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-dos2unix-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-ed-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-findutils-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-gawk-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-grep-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-gzip-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-hostname-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-iproute2-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-iputils-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-kbd-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-kmod-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-less-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-links-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-man-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-misc-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-ncurses-utils-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-net-tools-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-netcat-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-patch-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-policycoreutils-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-procps-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-psmisc-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-sed-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-selinux-tools-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-sendmail-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-sh-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-sharutils-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-static-1.37.0-150500.10.11.1 as a component of openSUSE Leap 15.6 busybox-syslogd-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-sysvinit-tools-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-tar-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-telnet-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-testsuite-1.37.0-150500.10.11.1 as a component of openSUSE Leap 15.6 busybox-tftp-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-time-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-traceroute-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-tunctl-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-unzip-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-util-linux-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-vi-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-vlan-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-warewulf3-1.37.0-150500.10.11.1 as a component of openSUSE Leap 15.6 busybox-wget-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-which-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-whois-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 busybox-xz-1.37.0-150500.7.7.2 as a component of openSUSE Leap 15.6 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. CVE-2023-42363 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server 15 SP5-LTSS:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server 15 SP5-LTSS:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:busybox-static-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-adduser-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-attr-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-bc-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-bind-utils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-bzip2-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-coreutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-cpio-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-diffutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-dos2unix-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-ed-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-findutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-gawk-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-grep-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-gzip-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-hostname-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-iproute2-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-iputils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-kbd-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-kmod-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-less-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-links-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-man-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-misc-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-ncurses-utils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-net-tools-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-netcat-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-patch-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-policycoreutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-procps-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-psmisc-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sed-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-selinux-tools-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sendmail-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sh-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sharutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-static-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-syslogd-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sysvinit-tools-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-tar-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-telnet-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-testsuite-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-tftp-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-time-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-traceroute-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-tunctl-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-unzip-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-util-linux-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-vi-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-vlan-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-warewulf3-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-wget-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-which-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-whois-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-xz-1.37.0-150500.7.7.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503271-1/ https://www.suse.com/security/cve/CVE-2023-42363.html CVE-2023-42363 https://bugzilla.suse.com/1217580 SUSE Bug 1217580 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. CVE-2023-42364 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server 15 SP5-LTSS:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server 15 SP5-LTSS:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:busybox-static-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-adduser-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-attr-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-bc-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-bind-utils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-bzip2-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-coreutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-cpio-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-diffutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-dos2unix-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-ed-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-findutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-gawk-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-grep-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-gzip-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-hostname-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-iproute2-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-iputils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-kbd-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-kmod-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-less-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-links-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-man-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-misc-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-ncurses-utils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-net-tools-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-netcat-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-patch-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-policycoreutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-procps-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-psmisc-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sed-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-selinux-tools-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sendmail-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sh-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sharutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-static-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-syslogd-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sysvinit-tools-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-tar-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-telnet-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-testsuite-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-tftp-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-time-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-traceroute-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-tunctl-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-unzip-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-util-linux-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-vi-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-vlan-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-warewulf3-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-wget-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-which-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-whois-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-xz-1.37.0-150500.7.7.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503271-1/ https://www.suse.com/security/cve/CVE-2023-42364.html CVE-2023-42364 https://bugzilla.suse.com/1217584 SUSE Bug 1217584 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. CVE-2023-42365 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server 15 SP5-LTSS:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server 15 SP5-LTSS:busybox-static-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:busybox-1.37.0-150500.10.11.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:busybox-static-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-adduser-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-attr-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-bc-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-bind-utils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-bzip2-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-coreutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-cpio-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-diffutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-dos2unix-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-ed-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-findutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-gawk-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-grep-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-gzip-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-hostname-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-iproute2-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-iputils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-kbd-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-kmod-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-less-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-links-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-man-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-misc-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-ncurses-utils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-net-tools-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-netcat-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-patch-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-policycoreutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-procps-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-psmisc-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sed-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-selinux-tools-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sendmail-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sh-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sharutils-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-static-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-syslogd-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-sysvinit-tools-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-tar-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-telnet-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-testsuite-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-tftp-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-time-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-traceroute-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-tunctl-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-unzip-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-util-linux-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-vi-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-vlan-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-warewulf3-1.37.0-150500.10.11.1 openSUSE Leap 15.6:busybox-wget-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-which-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-whois-1.37.0-150500.7.7.2 openSUSE Leap 15.6:busybox-xz-1.37.0-150500.7.7.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503271-1/ https://www.suse.com/security/cve/CVE-2023-42365.html CVE-2023-42365 https://bugzilla.suse.com/1217585 SUSE Bug 1217585