RHSA-2023:4347: Red Hat Security Advisory: libeconf security update
An update for libeconf is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-22652: A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service.
Synopsis
Moderate: libeconf security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libeconf is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from them.
Security Fix(es):
- libeconf: stack-based buffer overflow in read_file() in lib/getfilecontents.c (CVE-2023-22652)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
- Red Hat Enterprise Linux Server - AUS 9.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x
Fixes
- BZ - 2212463 - CVE-2023-22652 libeconf: stack-based buffer overflow in read_file() in lib/getfilecontents.c
Updated packages
Each affected product listed above ships the same packages for its architecture; the source package is common to all of them.
SRPM
libeconf-0.4.1-3.el9_2.src.rpm
x86_64
libeconf-0.4.1-3.el9_2.i686.rpm
libeconf-0.4.1-3.el9_2.x86_64.rpm
libeconf-debuginfo-0.4.1-3.el9_2.i686.rpm
libeconf-debuginfo-0.4.1-3.el9_2.x86_64.rpm
libeconf-debugsource-0.4.1-3.el9_2.i686.rpm
libeconf-debugsource-0.4.1-3.el9_2.x86_64.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.i686.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.x86_64.rpm
s390x
libeconf-0.4.1-3.el9_2.s390x.rpm
libeconf-debuginfo-0.4.1-3.el9_2.s390x.rpm
libeconf-debugsource-0.4.1-3.el9_2.s390x.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.s390x.rpm
ppc64le
libeconf-0.4.1-3.el9_2.ppc64le.rpm
libeconf-debuginfo-0.4.1-3.el9_2.ppc64le.rpm
libeconf-debugsource-0.4.1-3.el9_2.ppc64le.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.ppc64le.rpm
aarch64
libeconf-0.4.1-3.el9_2.aarch64.rpm
libeconf-debuginfo-0.4.1-3.el9_2.aarch64.rpm
libeconf-debugsource-0.4.1-3.el9_2.aarch64.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.aarch64.rpm
Related news
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.