Security update for libeconf SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2426-1 Final 1 1 2024-07-12T13:00:51Z current 2024-07-12T13:00:51Z 2024-07-12T13:00:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libeconf This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-2426,SUSE-SLE-Micro-5.5-2024-2426 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242426-1/ Link for SUSE-SU-2024:2426-1 https://lists.suse.com/pipermail/sle-updates/2024-August/036542.html E-Mail link for SUSE-SU-2024:2426-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1211078 SUSE Bug 1211078 https://www.suse.com/security/cve/CVE-2023-22652/ SUSE CVE CVE-2023-22652 page https://www.suse.com/security/cve/CVE-2023-30078/ SUSE CVE CVE-2023-30078 page https://www.suse.com/security/cve/CVE-2023-30079/ SUSE CVE CVE-2023-30079 page https://www.suse.com/security/cve/CVE-2023-32181/ SUSE CVE CVE-2023-32181 page SUSE Linux Enterprise Micro 5.5 libeconf0-0.5.2-150400.3.6.1 libeconf0-0.5.2-150400.3.6.1 as a component of SUSE Linux Enterprise Micro 5.5 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. CVE-2023-22652 SUSE Linux Enterprise Micro 5.5:libeconf0-0.5.2-150400.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242426-1/ https://www.suse.com/security/cve/CVE-2023-22652.html CVE-2023-22652 https://bugzilla.suse.com/1211078 SUSE Bug 1211078 ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-32181. Reason: This record is a duplicate of CVE-2023-32181. Notes: All CVE users should reference CVE-2023-32181 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. CVE-2023-30078 SUSE Linux Enterprise Micro 5.5:libeconf0-0.5.2-150400.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242426-1/ https://www.suse.com/security/cve/CVE-2023-30078.html CVE-2023-30078 https://bugzilla.suse.com/1211078 SUSE Bug 1211078 https://bugzilla.suse.com/1214597 SUSE Bug 1214597 ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-22652. Reason: This record is a duplicate of CVE-2023-22652. Notes: All CVE users should reference CVE-2023-22652 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. CVE-2023-30079 SUSE Linux Enterprise Micro 5.5:libeconf0-0.5.2-150400.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242426-1/ https://www.suse.com/security/cve/CVE-2023-30079.html CVE-2023-30079 https://bugzilla.suse.com/1211078 SUSE Bug 1211078 https://bugzilla.suse.com/1214598 SUSE Bug 1214598 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2. CVE-2023-32181 SUSE Linux Enterprise Micro 5.5:libeconf0-0.5.2-150400.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242426-1/ https://www.suse.com/security/cve/CVE-2023-32181.html CVE-2023-32181 https://bugzilla.suse.com/1211078 SUSE Bug 1211078