Synopsis: Low: busybox security and bug fix update Advisory ID: SLSA-2013:1732-2 Issue Date: 2013-11-21 CVE Numbers: CVE-2013-1813 -- It was found that the mdev BusyBox utility could create certain directories within /dev with world-writable permissions. A local unprivileged user could use this flaw to manipulate portions of the /dev directory tree. (CVE-2013-1813) This update also fixes the following bugs: * Previously, due to a too eager string size optimization on the IBM System z architecture, the "wc" BusyBox command failed after processing standard input with the following error: wc: : No such file or directory This bug was fixed by disabling the string size optimization and the "wc" command works properly on IBM System z architectures. * Prior to this update, the "mknod" command was unable to create device nodes with a major or minor number larger than 255. Consequently, the kdump utility failed to handle such a device. The underlying source code has been modified, and it is now possible to use the "mknod" command to create device nodes with a major or minor number larger than 255. * If a network installation from an NFS server was selected, the "mount" command used the UDP protocol by default. If only TCP mounts were supported by the server, this led to a failure of the mount command. As a result, Anaconda could not continue with the installation. This bug is now fixed and NFS mount operations default to the TCP protocol. -- SL6 x86_64 busybox-1.15.1-20.el6.x86_64.rpm busybox-petitboot-1.15.1-20.el6.x86_64.rpm i386 busybox-1.15.1-20.el6.i686.rpm busybox-petitboot-1.15.1-20.el6.i686.rpm - Scientific Linux Development Team