-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libeconf security update
Advisory ID:       RHSA-2023:4347-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4347
Issue date:        2023-08-01
CVE Names:         CVE-2023-22652 
=====================================================================

1. Summary:

An update for libeconf is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libeconf is a highly flexible and configurable library to parse and manage
key=value configuration files. It reads configuration file snippets from
different directories and builds the final configuration file from it.

Security Fix(es):

* libeconf: stack-based buffer overflow in read_file() in
lib/getfilecontents.c (CVE-2023-22652)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2212463 - CVE-2023-22652 libeconf: stack-based buffer overflow in read_file() in lib/getfilecontents.c

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
libeconf-0.4.1-3.el9_2.src.rpm

aarch64:
libeconf-0.4.1-3.el9_2.aarch64.rpm
libeconf-debuginfo-0.4.1-3.el9_2.aarch64.rpm
libeconf-debugsource-0.4.1-3.el9_2.aarch64.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.aarch64.rpm

ppc64le:
libeconf-0.4.1-3.el9_2.ppc64le.rpm
libeconf-debuginfo-0.4.1-3.el9_2.ppc64le.rpm
libeconf-debugsource-0.4.1-3.el9_2.ppc64le.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.ppc64le.rpm

s390x:
libeconf-0.4.1-3.el9_2.s390x.rpm
libeconf-debuginfo-0.4.1-3.el9_2.s390x.rpm
libeconf-debugsource-0.4.1-3.el9_2.s390x.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.s390x.rpm

x86_64:
libeconf-0.4.1-3.el9_2.i686.rpm
libeconf-0.4.1-3.el9_2.x86_64.rpm
libeconf-debuginfo-0.4.1-3.el9_2.i686.rpm
libeconf-debuginfo-0.4.1-3.el9_2.x86_64.rpm
libeconf-debugsource-0.4.1-3.el9_2.i686.rpm
libeconf-debugsource-0.4.1-3.el9_2.x86_64.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.i686.rpm
libeconf-utils-debuginfo-0.4.1-3.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22652
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJkyRS6AAoJENzjgjWX9erE8C8P/3F5DXgkuPR2wMBDPOuxDypD
wui65HuFdIIZZcS+8JVNtFyTBKd3msqsQb3z4qgCv58naYwGanPY+1NSs5nbQiCM
9W9X7Vs87j1mGS3FMo6L0P4lFT3HXFTkzyXIlelUX25oqlSVTHeyUw6GmPdg4EDT
8YAf8z6cbu6c7wYV5AyzjnN1PXJ8yGOSflqdVApc4M1XranTO6h47ZMAKFxrab/o
ketVOvndHr8/B4eHGS1FrIn2cZzudFHLrC1VXNG/7kFYlos8QbkT9mzVK2OabiiW
bgpcN1w58rx3sr7QBVFy89x1MD0QsDGIs2QIICALteB7s+IGFo7V8I0vq6oH4n8V
1h4nGTpw7BcOXnD1F5J19KLvUfE8wqY9mccc789QbHl4AdPCOeEkbGOTIZ2TwRa9
dOci4UA/J2Rc37hkju8GBCek/3ROWiXMyOhoUH/07x6yMSy3u1PCnrUwkVV+SG9G
+2PQMw9Fr359vpHFFRDfpIc0AdvJoo+ek3/c5JyrmTTcvcVu8fOY0WZID69lREXp
kGR3T3bqJjflC2nEI3OR6SEKKVuC7z71ev3feMouo+APoUF6DtrYcyqq+4tfdBVs
1qwALVuJ/6gaA6qURLkevyFwLz0hN0HYMP2ErUcsq5s8jtt5NS72TLC91XZvjLzd
WKh5voUr9mO5BLgIUA+2
=GtA+
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-4347:01 Moderate: libeconf security update

An update for libeconf is now available for Red Hat Enterprise Linux 9

Summary

Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it.
Security Fix(es):
* libeconf: stack-based buffer overflow in read_file() in lib/getfilecontents.c (CVE-2023-22652)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2023-22652 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux BaseOS (v. 9):
Source: libeconf-0.4.1-3.el9_2.src.rpm
aarch64: libeconf-0.4.1-3.el9_2.aarch64.rpm libeconf-debuginfo-0.4.1-3.el9_2.aarch64.rpm libeconf-debugsource-0.4.1-3.el9_2.aarch64.rpm libeconf-utils-debuginfo-0.4.1-3.el9_2.aarch64.rpm
ppc64le: libeconf-0.4.1-3.el9_2.ppc64le.rpm libeconf-debuginfo-0.4.1-3.el9_2.ppc64le.rpm libeconf-debugsource-0.4.1-3.el9_2.ppc64le.rpm libeconf-utils-debuginfo-0.4.1-3.el9_2.ppc64le.rpm
s390x: libeconf-0.4.1-3.el9_2.s390x.rpm libeconf-debuginfo-0.4.1-3.el9_2.s390x.rpm libeconf-debugsource-0.4.1-3.el9_2.s390x.rpm libeconf-utils-debuginfo-0.4.1-3.el9_2.s390x.rpm
x86_64: libeconf-0.4.1-3.el9_2.i686.rpm libeconf-0.4.1-3.el9_2.x86_64.rpm libeconf-debuginfo-0.4.1-3.el9_2.i686.rpm libeconf-debuginfo-0.4.1-3.el9_2.x86_64.rpm libeconf-debugsource-0.4.1-3.el9_2.i686.rpm libeconf-debugsource-0.4.1-3.el9_2.x86_64.rpm libeconf-utils-debuginfo-0.4.1-3.el9_2.i686.rpm libeconf-utils-debuginfo-0.4.1-3.el9_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2023:4347-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4347
Issued Date: : 2023-08-01
CVE Names: CVE-2023-22652

Topic

An update for libeconf is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64


Bugs Fixed

2212463 - CVE-2023-22652 libeconf: stack-based buffer overflow in read_file() in lib/getfilecontents.c


Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved