Release date:
2025-11-04 15:11:26 UTC
Description:
* SECURITY UPDATE: missing SSL certificate validation vulnerability in wget
- debian/patches/CVE-2018-1000500-1.patch: implement TLS verification with
CENABLE_FEATURE_WGET_OPENSSL
- debian/patches/CVE 2018-1000500-2.patch: fix openssl options for cert verification
- CVE-2018-1000500
* SECURITY UPDATE: escape sequence injection attack
- debian/patches/CVE-2022-28391-1.patch: sockaddr2str: ensure only printable
characters are returned for the hostname part
- debian/patches/CVE-2022-28391-2.patch: nslookup: sanitize all printed strings
- CVE-2022-28391
* SECURITY UPDATE: directory traversal vulnerability in CPIO command
- debian/patches/CVE-2023-39810.patch: archival: disallow path traversals
- debian/config/pkg/*: regenerate to add the new FEATURE_PATH_TRAVERSAL_PROTECTION
option
- CVE-2023-39810
Updated packages:
-
busybox_1.30.1-4+tuxcare.els3_amd64.deb
sha:21a2ce52c43b99e8c54e0664eb281f404b686d96
-
busybox-static_1.30.1-4+tuxcare.els3_amd64.deb
sha:78dd776d8c94616d646705a43d2bd66a54fdb77b
-
busybox-syslogd_1.30.1-4+tuxcare.els3_all.deb
sha:b285d1fcf1db417003615ff4b836ff3175a3202a
-
udhcpc_1.30.1-4+tuxcare.els3_amd64.deb
sha:5fb6ffe2b094e54743bbcec262c10cbd0b469dc5
-
udhcpd_1.30.1-4+tuxcare.els3_amd64.deb
sha:ebc00a2736308db32cd17044925db8a5a6a0158d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
