Headline
RHSA-2023:5458: Red Hat Security Advisory: libeconf security update
An update for libeconf is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-30079: A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.
Issued:
2023-10-05
Updated:
2023-10-05
RHSA-2023:5458 - Security Advisory
Synopsis
Important: libeconf security update
Type/Severity
Security Advisory: Important
Topic
An update for libeconf is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.
Security Fix(es):
- libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c (CVE-2023-30079)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2234595 - CVE-2023-30079 libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
libeconf-0.4.1-3.el9_0.src.rpm
x86_64
libeconf-0.4.1-3.el9_0.i686.rpm
libeconf-0.4.1-3.el9_0.x86_64.rpm
libeconf-debuginfo-0.4.1-3.el9_0.i686.rpm
libeconf-debuginfo-0.4.1-3.el9_0.x86_64.rpm
libeconf-debugsource-0.4.1-3.el9_0.i686.rpm
libeconf-debugsource-0.4.1-3.el9_0.x86_64.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.i686.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
libeconf-0.4.1-3.el9_0.src.rpm
s390x
libeconf-0.4.1-3.el9_0.s390x.rpm
libeconf-debuginfo-0.4.1-3.el9_0.s390x.rpm
libeconf-debugsource-0.4.1-3.el9_0.s390x.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.s390x.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
libeconf-0.4.1-3.el9_0.src.rpm
ppc64le
libeconf-0.4.1-3.el9_0.ppc64le.rpm
libeconf-debuginfo-0.4.1-3.el9_0.ppc64le.rpm
libeconf-debugsource-0.4.1-3.el9_0.ppc64le.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
libeconf-0.4.1-3.el9_0.src.rpm
aarch64
libeconf-0.4.1-3.el9_0.aarch64.rpm
libeconf-debuginfo-0.4.1-3.el9_0.aarch64.rpm
libeconf-debugsource-0.4.1-3.el9_0.aarch64.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
libeconf-0.4.1-3.el9_0.src.rpm
ppc64le
libeconf-0.4.1-3.el9_0.ppc64le.rpm
libeconf-debuginfo-0.4.1-3.el9_0.ppc64le.rpm
libeconf-debugsource-0.4.1-3.el9_0.ppc64le.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
libeconf-0.4.1-3.el9_0.src.rpm
x86_64
libeconf-0.4.1-3.el9_0.i686.rpm
libeconf-0.4.1-3.el9_0.x86_64.rpm
libeconf-debuginfo-0.4.1-3.el9_0.i686.rpm
libeconf-debuginfo-0.4.1-3.el9_0.x86_64.rpm
libeconf-debugsource-0.4.1-3.el9_0.i686.rpm
libeconf-debugsource-0.4.1-3.el9_0.x86_64.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.i686.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.x86_64.rpm
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
libeconf-0.4.1-3.el9_0.src.rpm
aarch64
libeconf-0.4.1-3.el9_0.aarch64.rpm
libeconf-debuginfo-0.4.1-3.el9_0.aarch64.rpm
libeconf-debugsource-0.4.1-3.el9_0.aarch64.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.aarch64.rpm
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
libeconf-0.4.1-3.el9_0.src.rpm
s390x
libeconf-0.4.1-3.el9_0.s390x.rpm
libeconf-debuginfo-0.4.1-3.el9_0.s390x.rpm
libeconf-debugsource-0.4.1-3.el9_0.s390x.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_0.s390x.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-5458-01 - Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.
A stack overflow vulnerability in function read_file at libeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a denial of service or execute arbitrary code.