SUSE-SU-2023:0611-1

Опубликовано: 03 мар. 2023

Источник: suse-cvrf

Описание

Security update for pkgconf

This update for pkgconf fixes the following issues:

CVE-2023-24056: Fixed unbounded string expansion due to incorrect checks in libpkgconf/tuple.c (bsc#1207394).

Список пакетов

openSUSE Leap 15.4

libpkgconf-devel-1.8.0-150400.3.3.1

libpkgconf3-1.8.0-150400.3.3.1

pkgconf-1.8.0-150400.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230611-1/
Link for SUSE-SU-2023:0611-1
https://lists.suse.com/pipermail/sle-security-updates/2023-March/013968.html
E-Mail link for SUSE-SU-2023:0611-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207394
SUSE Bug 1207394
https://www.suse.com/security/cve/CVE-2023-24056/
SUSE CVE CVE-2023-24056 page

Описание

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.

Затронутые продукты

openSUSE Leap 15.4:libpkgconf-devel-1.8.0-150400.3.3.1

openSUSE Leap 15.4:libpkgconf3-1.8.0-150400.3.3.1

openSUSE Leap 15.4:pkgconf-1.8.0-150400.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-24056.html
CVE-2023-24056
https://bugzilla.suse.com/1207394
SUSE Bug 1207394

SUSE-SU-2023:0611-1

Описание

Список пакетов

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-24056

Описание

Затронутые продукты

Ссылки