Red Hat Security Advisory RHSA-2012:0308

(RHSA-2012:0308) Low: busybox security and bug fix update

Published: 2012-02-21
Source: access.redhat.com
EPSS: 0.103 (95.0th percentile)

BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
(compress-style .Z) compression. If a user were tricked into expanding a
specially crafted archive file with uncompress, it could cause BusyBox to
crash or, potentially, execute arbitrary code with the privileges of the
user running BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
string options carried in DHCP server replies, such as the client hostname.
A malicious or rogue DHCP server on the same network segment could send such
an option with a specially crafted value to a DHCP client. udhcpc hands
option values to its client script as environment variables; if such a
value was saved on the client system, or later evaluated insecurely by a
script or process that assumes the option is trusted (for example, by
splicing it unquoted into a shell command), it could lead to arbitrary code
execution with the privileges of that process. Note: udhcpc is not used on
Red Hat Enterprise Linux by default, and no DHCP client script is provided
with the busybox packages. (CVE-2011-2716)
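The following is an added illustration of the CVE-2011-2716 failure mode and is not code from the advisory or from the busybox packages (which ship no client script). It assumes a hypothetical udhcpc "-s" client script that receives the server-supplied hostname option in the $hostname environment variable, as udhcpc does; the option values used are constructed, and the resulting hostname command is only echoed, never applied to the host. It shows the vulnerable eval-based pattern beside an allow-list validator and a hardened pattern that rejects rather than escapes suspicious values.

```shell
#!/bin/sh
# Added example for CVE-2011-2716 (not part of RHSA-2012:0308 or busybox).
# udhcpc exports DHCP option values to its "-s" script as environment
# variables ($hostname, $ip, $router, ...). A hypothetical script that
# trusts those values is shown in a vulnerable and a hardened form.
# All option values below are constructed test data.

# Vulnerable pattern: the server-controlled value is spliced into a shell
# command line and run through eval, so a value such as
#   'h; echo INJECTED'
# executes a second command chosen by the DHCP server. Here the command is
# only echoed so the demonstration is harmless.
build_hostname_cmd_unsafe() {
    eval "echo hostname $1"
}

# Conservative allow-list for a hostname option: letters, digits, dots and
# hyphens only, no leading or trailing separator, at most 253 bytes.
# Anything else (shell metacharacters, whitespace, control bytes) is
# rejected outright rather than "escaped": the same value may later be
# written to /etc/hosts or resolv.conf, where escaping rules differ.
validate_dhcp_hostname() {
    [ -n "$1" ] || return 1
    [ "${#1}" -le 253 ] || return 1
    case "$1" in
        *[!A-Za-z0-9.-]*) return 1 ;;   # any byte outside the allowed set
        .*|-*|*.|*-)      return 1 ;;   # leading/trailing dot or hyphen
    esac
    return 0
}

# Hardened pattern: validate first, then hand the value over as a single
# quoted argument (a real script would run: hostname "$1"), never via eval
# or an unquoted expansion.
build_hostname_cmd_safe() {
    validate_dhcp_hostname "$1" || {
        echo "udhcpc script: rejecting unsafe hostname option" >&2
        return 1
    }
    echo "hostname $1"
}

# Stand-alone demonstration; prints what each variant would run.
demo() {
    build_hostname_cmd_unsafe 'h; echo INJECTED'
    build_hostname_cmd_safe 'h; echo INJECTED' || echo "(rejected)"
    build_hostname_cmd_safe 'host-1.example.com'
}

demo
```

The allow-list is deliberately stricter than what DHCP permits on the wire; when a legitimate server sends something outside it, the right response is still to drop the option and keep the previous hostname, since nothing on the client can tell a strange value from a hostile one.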

This update also fixes the following bugs:

  • Prior to this update, the cp command wrongly returned exit code 0
    (success) if the target device ran out of space while copying a file
    larger than 4 gigabytes. This update modifies BusyBox so that exit code
    1 is returned in that situation, so the exit status of cp now correctly
    reports whether the copy failed. (BZ#689659)

  • Prior to this update, the findfs command failed to check all existing
    block devices on a system with thousands of block device nodes in “/dev/”.
    This update modifies BusyBox so that findfs checks all block devices even
    in this case. (BZ#756723)

All users of busybox are advised to upgrade to these updated packages,
which correct these issues.