libeconf-0.4.1-3.el9

エラータID: AXSA:2023-6286:01

Release date: 
Thursday, August 3, 2023 - 05:54
Subject: 
libeconf-0.4.1-3.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.

Security Fix(es):

* libeconf: stack-based buffer overflow in read_file() in lib/getfilecontents.c (CVE-2023-22652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-22652
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libeconf-0.4.1-3.el9.src.rpm
    MD5: 1689ec4b1ecc40c08e689d3a37ae2c2c
    SHA-256: 83a3f10975589db0f02371db1ce43dd4f710e619250a411ecf4475aa0c84f74d
    Size: 192.99 kB

Asianux Server 9 for x86_64
  1. libeconf-0.4.1-3.el9.i686.rpm
    MD5: 4bb3e665090aefef7e3160c50ab84d01
    SHA-256: 2625b80163148e1576ed88967845752ed406265f21da185960147943149eea49
    Size: 27.73 kB
  2. libeconf-0.4.1-3.el9.x86_64.rpm
    MD5: c516d55aa92fb220bbe7d3f6c15dbc32
    SHA-256: 6911a486c2702efc96ff66503d7ad668efcb14be9752b0b6d2821a168adf2bc3
    Size: 26.07 kB