An update for libconfuse is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1928
Final
1.0
1.0
2022-09-23
Initial
2022-09-23
2022-09-23
openEuler SA Tool V1.0
2022-09-23
libconfuse security update
An update for libconfuse is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and (lists of) values (strings, integers, floats, booleans or other sections), as well as some other features (such as single/double-quoted strings, environment variable expansion, functions and nested include statements). It makes it very easy to add configuration file capability to a program using a simple API. The goal of libConfuse is not to be the configuration file parser library with a gazillion of features. Instead, it aims to be easy to use and quick to integrate with your code.
Security Fix(es):
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. (CVE-2022-40320)
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
libconfuse
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1928
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-40320
https://nvd.nist.gov/vuln/detail/CVE-2022-40320
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
libconfuse-debugsource-3.3-2.oe1.aarch64.rpm
libconfuse-devel-3.3-2.oe1.aarch64.rpm
libconfuse-debuginfo-3.3-2.oe1.aarch64.rpm
libconfuse-3.3-2.oe1.aarch64.rpm
libconfuse-debugsource-3.3-2.oe1.aarch64.rpm
libconfuse-debuginfo-3.3-2.oe1.aarch64.rpm
libconfuse-devel-3.3-2.oe1.aarch64.rpm
libconfuse-3.3-2.oe1.aarch64.rpm
libconfuse-devel-3.3-2.oe2203.aarch64.rpm
libconfuse-debuginfo-3.3-2.oe2203.aarch64.rpm
libconfuse-debugsource-3.3-2.oe2203.aarch64.rpm
libconfuse-3.3-2.oe2203.aarch64.rpm
libconfuse-3.3-2.oe1.src.rpm
libconfuse-3.3-2.oe1.src.rpm
libconfuse-3.3-2.oe2203.src.rpm
libconfuse-devel-3.3-2.oe1.x86_64.rpm
libconfuse-debuginfo-3.3-2.oe1.x86_64.rpm
libconfuse-debugsource-3.3-2.oe1.x86_64.rpm
libconfuse-3.3-2.oe1.x86_64.rpm
libconfuse-debugsource-3.3-2.oe1.x86_64.rpm
libconfuse-3.3-2.oe1.x86_64.rpm
libconfuse-debuginfo-3.3-2.oe1.x86_64.rpm
libconfuse-devel-3.3-2.oe1.x86_64.rpm
libconfuse-devel-3.3-2.oe2203.x86_64.rpm
libconfuse-debugsource-3.3-2.oe2203.x86_64.rpm
libconfuse-3.3-2.oe2203.x86_64.rpm
libconfuse-debuginfo-3.3-2.oe2203.x86_64.rpm
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
2022-09-23
CVE-2022-40320
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
High
8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
libconfuse security update
2022-09-23
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1928