[SECURITY] Fedora Core 5 Update: busybox-1.01-3.fc5

Ivana Varekova varekova at redhat.com
Thu May 4 18:12:16 UTC 2006 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-510
2006-05-04
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : busybox
Version     : 1.01                      
Release     : 3.fc5                  
Summary     : Statically linked binary providing simplified versions of system commands
Description :
Busybox is a single binary which includes versions of a large number
of system commands, including a shell.  This package can be very
useful for recovering from certain types of system failures,
particularly those involving broken shared libraries.

---------------------------------------------------------------------
Update Information:

The BusyBox passwd command does not use a proper salt when
generating passwords. This would create an instance where a
brute force attack could take very little time.
This problem is fixed in busybox-1.01-3.fc5.
---------------------------------------------------------------------
* Thu May  4 2006 Ivana Varekova <varekova at redhat.com> 1:1.01-3.fc5
- fix CVE-2006-1058 - BusyBox passwd command
  fails to generate password with salt (#187386)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

df1508572569c949e3a0838a5620f11d7ba3bda6  SRPMS/busybox-1.01-3.fc5.src.rpm
504d98292ac4b2f28c1a9cbbf646e707581262bc  ppc/busybox-1.01-3.fc5.ppc.rpm
e741d38e0992c7307505de8fd439a5162d5b546a  ppc/busybox-anaconda-1.01-3.fc5.ppc.rpm
856f2032ef5d247edb715fed46e28ea0d3ea190c  ppc/debug/busybox-debuginfo-1.01-3.fc5.ppc.rpm
975026e30e21c93f81c09c51764f39522225798c  x86_64/busybox-1.01-3.fc5.x86_64.rpm
7d2631972295094a6b2bc5357b4a92b32aeb3d09  x86_64/busybox-anaconda-1.01-3.fc5.x86_64.rpm
562bb6ed70583946f9df2f45cbbdca08f839047b  x86_64/debug/busybox-debuginfo-1.01-3.fc5.x86_64.rpm
a8a6faafc76fc98d4bb2fcc758851e260a984613  i386/busybox-1.01-3.fc5.i386.rpm
62545a756fb36dbd77126cdd55f1d47ae0c07fdf  i386/busybox-anaconda-1.01-3.fc5.i386.rpm
d46de403268d8e5ddb8af85c41902bf6fa58de0a  i386/debug/busybox-debuginfo-1.01-3.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

More information about the package-announce mailing list