busybox-1.37.0-10.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10258-1 Final 1 1 2026-02-26T00:00:00Z current 2026-02-26T00:00:00Z 2026-02-26T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z busybox-1.37.0-10.1 on GA media These are all security issues fixed in the busybox-1.37.0-10.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10258 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2026-26157/ SUSE CVE CVE-2026-26157 page openSUSE Tumbleweed busybox-1.37.0-10.1 busybox-static-1.37.0-10.1 busybox-testsuite-1.37.0-10.1 busybox-warewulf3-1.37.0-10.1 busybox-1.37.0-10.1 as a component of openSUSE Tumbleweed busybox-static-1.37.0-10.1 as a component of openSUSE Tumbleweed busybox-testsuite-1.37.0-10.1 as a component of openSUSE Tumbleweed busybox-warewulf3-1.37.0-10.1 as a component of openSUSE Tumbleweed A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files. CVE-2026-26157 openSUSE Tumbleweed:busybox-1.37.0-10.1 openSUSE Tumbleweed:busybox-static-1.37.0-10.1 openSUSE Tumbleweed:busybox-testsuite-1.37.0-10.1 openSUSE Tumbleweed:busybox-warewulf3-1.37.0-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-26157.html CVE-2026-26157 https://bugzilla.suse.com/1258163 SUSE Bug 1258163