An update for libconfuse is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1928 Final 1.0 1.0 2022-09-23 Initial 2022-09-23 2022-09-23 openEuler SA Tool V1.0 2022-09-23

libconfuse security update

libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and (lists of) values (strings, integers, floats, booleans or other sections), as well as some other features (such as single/double-quoted strings, environment variable expansion, functions and nested include statements). It makes it very easy to add configuration file capability to a program using a simple API. The goal of libConfuse is not to be the configuration file parser library with a gazillion of features. Instead, it aims to be easy to use and quick to integrate with your code.

Security Fix(es):

cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. (CVE-2022-40320)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: High
Affected component: libconfuse

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1928
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-40320
https://nvd.nist.gov/vuln/detail/CVE-2022-40320

Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS

Packages (aarch64):
libconfuse-debugsource-3.3-2.oe1.aarch64.rpm libconfuse-devel-3.3-2.oe1.aarch64.rpm libconfuse-debuginfo-3.3-2.oe1.aarch64.rpm libconfuse-3.3-2.oe1.aarch64.rpm
libconfuse-debugsource-3.3-2.oe1.aarch64.rpm libconfuse-debuginfo-3.3-2.oe1.aarch64.rpm libconfuse-devel-3.3-2.oe1.aarch64.rpm libconfuse-3.3-2.oe1.aarch64.rpm
libconfuse-devel-3.3-2.oe2203.aarch64.rpm libconfuse-debuginfo-3.3-2.oe2203.aarch64.rpm libconfuse-debugsource-3.3-2.oe2203.aarch64.rpm libconfuse-3.3-2.oe2203.aarch64.rpm

Packages (src):
libconfuse-3.3-2.oe1.src.rpm libconfuse-3.3-2.oe1.src.rpm libconfuse-3.3-2.oe2203.src.rpm

Packages (x86_64):
libconfuse-devel-3.3-2.oe1.x86_64.rpm libconfuse-debuginfo-3.3-2.oe1.x86_64.rpm libconfuse-debugsource-3.3-2.oe1.x86_64.rpm libconfuse-3.3-2.oe1.x86_64.rpm
libconfuse-debugsource-3.3-2.oe1.x86_64.rpm libconfuse-3.3-2.oe1.x86_64.rpm libconfuse-debuginfo-3.3-2.oe1.x86_64.rpm libconfuse-devel-3.3-2.oe1.x86_64.rpm
libconfuse-devel-3.3-2.oe2203.x86_64.rpm libconfuse-debugsource-3.3-2.oe2203.x86_64.rpm libconfuse-3.3-2.oe2203.x86_64.rpm libconfuse-debuginfo-3.3-2.oe2203.x86_64.rpm

Vulnerability: CVE-2022-40320 (2022-09-23)
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS
Severity: High
CVSS base score: 8.8
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Remediation: libconfuse security update, 2022-09-23, https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1928