SUSE: 2022:0727-2 Moderate: Security Flaw in libeconf and Util-Linux
suse
April 19, 2022
An update that solves two vulnerabilities, contains two features and has two fixes is now available
Summary
This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings.
Topics Covered
References
#1188507 #1192954 #1193632 #1194976 SLE-23384
SLE-23402
Cross- CVE-2021-3995 CVE-2021-3996
CVSS scores:
CVE-2021-3995 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3996 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Micro 5.2
https://www.suse.com/security/cve/CVE-2021-3995.html
https://www.suse.com/security/cve/CVE-2021-3996.html
https://bugzilla.suse.com/1188507
https://bugzilla.suse.com/1192954
https://bugzilla.suse.com/1193632
https://bugzilla.suse.com/1194976
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2022:0727-2
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!