RHSA-2023:4347: Red Hat Security Advisory: libeconf security update

An update for libeconf is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-22652: A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service.
Red Hat Security Data

Synopsis

Moderate: libeconf security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libeconf is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.

Security Fix(es):

  • libeconf: stack-based buffer overflow in read_file() in lib/getfilecontents.c (CVE-2023-22652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2212463 - CVE-2023-22652 libeconf: stack-based buffer overflow in read_file() in lib/getfilecontents.c

Red Hat Enterprise Linux for x86_64 9

SRPM

libeconf-0.4.1-3.el9_2.src.rpm

Related news

CVE-2023-22652: Invalid Bug ID

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.
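The advisory fixes RHEL 9 in build 0.4.1-3.el9_2, while upstream lists versions before 0.5.2 as affected, so a scanner that compares only the upstream version number will flag a patched RHEL host. The following check is an added example, not part of the advisory or of Red Hat tooling; the function names are hypothetical, and GNU `sort -V` stands in for RPM's own version comparison, which is an assumption that holds for these simple version strings.

```shell
#!/bin/sh
# Added example: does a libeconf build contain the CVE-2023-22652 fix?
FIXED_VR="0.4.1-3.el9_2"   # fixed RHEL 9 build named in RHSA-2023:4347
UPSTREAM_FIXED="0.5.2"     # upstream: "affects libeconf: before 0.5.2"

# ver_ge A B: succeeds when A >= B (sort -V approximates rpmvercmp here).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# libeconf_status VERSION-RELEASE: prints "fixed" or "vulnerable".
# RHEL 9 builds are judged against the backported build, because their
# upstream version (0.4.1) stays below 0.5.2 even after patching.
libeconf_status() {
    vr="$1"
    version="${vr%%-*}"
    case "$vr" in
        *.el9*) threshold="$FIXED_VR"; candidate="$vr" ;;
        *)      threshold="$UPSTREAM_FIXED"; candidate="$version" ;;
    esac
    if ver_ge "$candidate" "$threshold"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# check_host: query the local RPM database (needs rpm, so RHEL-like hosts only).
check_host() {
    if ! out=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' libeconf 2>/dev/null); then
        echo not-installed
        return 0
    fi
    # Multilib hosts report one line per architecture; the first is enough.
    libeconf_status "$(printf '%s\n' "$out" | head -n1)"
}

if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run with `--check` on a host to query the installed package; without arguments the script only defines the functions.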