Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5458: Red Hat Security Advisory: libeconf security update

An update for libeconf is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-30079: A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.
Red Hat Security Data
Open in Source
#vulnerability#web#linux#red_hat#dos#nodejs#js#kubernetes#aws#buffer_overflow#ibm#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-10-05

Updated:

2023-10-05

RHSA-2023:5458 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libeconf security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libeconf is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.

Security Fix(es):

  • libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c (CVE-2023-30079)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2234595 - CVE-2023-30079 libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

libeconf-0.4.1-3.el9_0.src.rpm

SHA-256: f059701bc1a6beea1bc7dea28674a2b0d6c8e8834691738348aac07a5378f9fd

x86_64

libeconf-0.4.1-3.el9_0.i686.rpm

SHA-256: 1ff27be2b3f3c73a0a5e84963dbfee4654f15a260faa7be4b53b9b73385218cb

libeconf-0.4.1-3.el9_0.x86_64.rpm

SHA-256: a21dda5b8eb3576ba3f1d9634019501f6f3c2c499880eb8038f98dd93a119ad7

libeconf-debuginfo-0.4.1-3.el9_0.i686.rpm

SHA-256: 6582d2fb2fc7fa455012a8e7410423822e4dea519f526515adaad1aa3c87c695

libeconf-debuginfo-0.4.1-3.el9_0.x86_64.rpm

SHA-256: 5f75ae05b58974f987dba5721e334b96e8531b0e9b4188407b0f318e52332adf

libeconf-debugsource-0.4.1-3.el9_0.i686.rpm

SHA-256: a6d636d41e7db7bf6bd0ac81856ae51d4d6f6e4a497620170eb727d910ccf567

libeconf-debugsource-0.4.1-3.el9_0.x86_64.rpm

SHA-256: ad9330f5dbcd5a0e35fd926d6b4404981e27f1bf212a1b872d783e6cebe9cbf3

libeconf-utils-debuginfo-0.4.1-3.el9_0.i686.rpm

SHA-256: 9fe39437b0a018400944a2f0eb8e589c5519f20b941dd4a606f309a62d5702bb

libeconf-utils-debuginfo-0.4.1-3.el9_0.x86_64.rpm

SHA-256: 740db18ea13cd682b1a761fca97675eb98534a2cf5841d77a73fade61b973301

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM

libeconf-0.4.1-3.el9_0.src.rpm

SHA-256: f059701bc1a6beea1bc7dea28674a2b0d6c8e8834691738348aac07a5378f9fd

s390x

libeconf-0.4.1-3.el9_0.s390x.rpm

SHA-256: 0baaf71c730573e92edcbdf63fe20247d0688d2b0169af38ac575cef420d19ed

libeconf-debuginfo-0.4.1-3.el9_0.s390x.rpm

SHA-256: bbc580baa4cf9ec5ec843cbd9839455e7fc4ace3447c5ee630749c77ce0226de

libeconf-debugsource-0.4.1-3.el9_0.s390x.rpm

SHA-256: 7b30477c9354be1719b075cf25dd128762ad2058814ffd0afa1bc8e3aefe4f07

libeconf-utils-debuginfo-0.4.1-3.el9_0.s390x.rpm

SHA-256: edc15e235d269531eb1c4952147f4a4773f508eee195046a7393160506067da9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM

libeconf-0.4.1-3.el9_0.src.rpm

SHA-256: f059701bc1a6beea1bc7dea28674a2b0d6c8e8834691738348aac07a5378f9fd

ppc64le

libeconf-0.4.1-3.el9_0.ppc64le.rpm

SHA-256: d3f8bfb9135277e2113034779efabd5ca6824bf4ebd2fafbbe69918f4e2c9d11

libeconf-debuginfo-0.4.1-3.el9_0.ppc64le.rpm

SHA-256: 33ebcc05f44c7bb96c47e35e0719ba8eaa16cf9d279eb9e900747b2becb09f9e

libeconf-debugsource-0.4.1-3.el9_0.ppc64le.rpm

SHA-256: bd9b9558fae7ba9115a6dab881a3de7158414dff887dadc847090de87a584832

libeconf-utils-debuginfo-0.4.1-3.el9_0.ppc64le.rpm

SHA-256: 8049cfd8211f4b1924999d974dd195df5f60c15ab4022a85f0053451edc61d76

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM

libeconf-0.4.1-3.el9_0.src.rpm

SHA-256: f059701bc1a6beea1bc7dea28674a2b0d6c8e8834691738348aac07a5378f9fd

aarch64

libeconf-0.4.1-3.el9_0.aarch64.rpm

SHA-256: e5abe71c9957f2370bdfed76894915d672660e35697837fbc1d3684ad2684f82

libeconf-debuginfo-0.4.1-3.el9_0.aarch64.rpm

SHA-256: 5bd20f55b73f94cf841ddb0215be578adec88d79a5efb8d6ce5c4844181fc9c9

libeconf-debugsource-0.4.1-3.el9_0.aarch64.rpm

SHA-256: 344332ca11fc36a4d6da814df379bba4866143bbe34d2e2822f79a30a19f3cd8

libeconf-utils-debuginfo-0.4.1-3.el9_0.aarch64.rpm

SHA-256: db14fcca0449f6b728a0d9ee1f426a0eeabb7e19b47954af8d67cc020dacdac5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

libeconf-0.4.1-3.el9_0.src.rpm

SHA-256: f059701bc1a6beea1bc7dea28674a2b0d6c8e8834691738348aac07a5378f9fd

ppc64le

libeconf-0.4.1-3.el9_0.ppc64le.rpm

SHA-256: d3f8bfb9135277e2113034779efabd5ca6824bf4ebd2fafbbe69918f4e2c9d11

libeconf-debuginfo-0.4.1-3.el9_0.ppc64le.rpm

SHA-256: 33ebcc05f44c7bb96c47e35e0719ba8eaa16cf9d279eb9e900747b2becb09f9e

libeconf-debugsource-0.4.1-3.el9_0.ppc64le.rpm

SHA-256: bd9b9558fae7ba9115a6dab881a3de7158414dff887dadc847090de87a584832

libeconf-utils-debuginfo-0.4.1-3.el9_0.ppc64le.rpm

SHA-256: 8049cfd8211f4b1924999d974dd195df5f60c15ab4022a85f0053451edc61d76

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

libeconf-0.4.1-3.el9_0.src.rpm

SHA-256: f059701bc1a6beea1bc7dea28674a2b0d6c8e8834691738348aac07a5378f9fd

x86_64

libeconf-0.4.1-3.el9_0.i686.rpm

SHA-256: 1ff27be2b3f3c73a0a5e84963dbfee4654f15a260faa7be4b53b9b73385218cb

libeconf-0.4.1-3.el9_0.x86_64.rpm

SHA-256: a21dda5b8eb3576ba3f1d9634019501f6f3c2c499880eb8038f98dd93a119ad7

libeconf-debuginfo-0.4.1-3.el9_0.i686.rpm

SHA-256: 6582d2fb2fc7fa455012a8e7410423822e4dea519f526515adaad1aa3c87c695

libeconf-debuginfo-0.4.1-3.el9_0.x86_64.rpm

SHA-256: 5f75ae05b58974f987dba5721e334b96e8531b0e9b4188407b0f318e52332adf

libeconf-debugsource-0.4.1-3.el9_0.i686.rpm

SHA-256: a6d636d41e7db7bf6bd0ac81856ae51d4d6f6e4a497620170eb727d910ccf567

libeconf-debugsource-0.4.1-3.el9_0.x86_64.rpm

SHA-256: ad9330f5dbcd5a0e35fd926d6b4404981e27f1bf212a1b872d783e6cebe9cbf3

libeconf-utils-debuginfo-0.4.1-3.el9_0.i686.rpm

SHA-256: 9fe39437b0a018400944a2f0eb8e589c5519f20b941dd4a606f309a62d5702bb

libeconf-utils-debuginfo-0.4.1-3.el9_0.x86_64.rpm

SHA-256: 740db18ea13cd682b1a761fca97675eb98534a2cf5841d77a73fade61b973301

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

libeconf-0.4.1-3.el9_0.src.rpm

SHA-256: f059701bc1a6beea1bc7dea28674a2b0d6c8e8834691738348aac07a5378f9fd

aarch64

libeconf-0.4.1-3.el9_0.aarch64.rpm

SHA-256: e5abe71c9957f2370bdfed76894915d672660e35697837fbc1d3684ad2684f82

libeconf-debuginfo-0.4.1-3.el9_0.aarch64.rpm

SHA-256: 5bd20f55b73f94cf841ddb0215be578adec88d79a5efb8d6ce5c4844181fc9c9

libeconf-debugsource-0.4.1-3.el9_0.aarch64.rpm

SHA-256: 344332ca11fc36a4d6da814df379bba4866143bbe34d2e2822f79a30a19f3cd8

libeconf-utils-debuginfo-0.4.1-3.el9_0.aarch64.rpm

SHA-256: db14fcca0449f6b728a0d9ee1f426a0eeabb7e19b47954af8d67cc020dacdac5

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

libeconf-0.4.1-3.el9_0.src.rpm

SHA-256: f059701bc1a6beea1bc7dea28674a2b0d6c8e8834691738348aac07a5378f9fd

s390x

libeconf-0.4.1-3.el9_0.s390x.rpm

SHA-256: 0baaf71c730573e92edcbdf63fe20247d0688d2b0169af38ac575cef420d19ed

libeconf-debuginfo-0.4.1-3.el9_0.s390x.rpm

SHA-256: bbc580baa4cf9ec5ec843cbd9839455e7fc4ace3447c5ee630749c77ce0226de

libeconf-debugsource-0.4.1-3.el9_0.s390x.rpm

SHA-256: 7b30477c9354be1719b075cf25dd128762ad2058814ffd0afa1bc8e3aefe4f07

libeconf-utils-debuginfo-0.4.1-3.el9_0.s390x.rpm

SHA-256: edc15e235d269531eb1c4952147f4a4773f508eee195046a7393160506067da9

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-5458-01

Red Hat Security Advisory 2023-5458-01 - Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.

CVE-2023-30079

A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data