Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 730
Alerts This Week
Warning Icon 1 730

Fedora 38: 2023-27b41bb133 Moderate Update for ConfigObj DoS Issue

fedora
Calendar Grey October 18, 2023
Dist Fedora Esm H88
A security update has been applied to python-configobj to address CVE-2023-26112, improving the overall security posture and stability for users running Fedora 38.
Fixes an issue in configobj: CVE-2023-26112

Summary

ConfigObj is a simple but powerful configuration file reader and writer: an ini

file round tripper. Its main feature is that it is very easy to use, with a

straightforward programmers interface and a simple syntax for config files.

Update Information:

Fixes an issue in configobj: CVE-2023-26112

Change Log

* Mon Oct 9 2023 Terje Rosten - 5.0.8-6 - Add patch to fix CVE-2023-26112 * Sun Oct 1 2023 Terje Rosten - 5.0.8-5 - SPDX fix from Daniel P. Berrange * Fri Jul 21 2023 Fedora Release Engineering - 5.0.8-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 13 2023 Python Maint - 5.0.8-3 - Rebuilt for Python 3.12 * Tue May 23 2023 Yaakov Selkowitz - 5.0.8-2 - Avoid pytest-cov dependency

References


[ 1 ] Bug #2224088 - CVE-2023-26112 python-configobj: Regular expression denial of service exists in ./src/configobj/validate.py [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2224088

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-27b41bb133' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: python-configobj
Product: Fedora 38
Version: 5.0.8
Release: 6.fc38
Summary: Config file reading, writing, and validation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.