Synopsis:          Low: busybox security and bug fix update
Advisory ID:       SLSA-2013:1732-2
Issue Date:        2013-11-21
CVE Numbers:       CVE-2013-1813
--

It was found that the mdev BusyBox utility could create certain
directories within /dev with world-writable permissions. A local
unprivileged user could use this flaw to manipulate portions of the /dev
directory tree. (CVE-2013-1813)

This update also fixes the following bugs:

* Previously, due to a too eager string size optimization on the IBM
System z architecture, the "wc" BusyBox command failed after processing
standard input with the following error:

wc: : No such file or directory

This bug was fixed by disabling the string size optimization and the "wc"
command works properly on IBM System z architectures.

* Prior to this update, the "mknod" command was unable to create device
nodes with a major or minor number larger than 255. Consequently, the
kdump utility failed to handle such a device. The underlying source code
has been modified, and it is now possible to use the "mknod" command to
create device nodes with a major or minor number larger than 255.

* If a network installation from an NFS server was selected, the "mount"
command used the UDP protocol by default. If only TCP mounts were
supported by the server, this led to a failure of the mount command. As a
result, Anaconda could not continue with the installation. This bug is now
fixed and NFS mount operations default to the TCP protocol.
--

SL6
  x86_64
    busybox-1.15.1-20.el6.x86_64.rpm
    busybox-petitboot-1.15.1-20.el6.x86_64.rpm
  i386
    busybox-1.15.1-20.el6.i686.rpm
    busybox-petitboot-1.15.1-20.el6.i686.rpm

- Scientific Linux Development Team