Описание
Security update for pkgconf
This update for pkgconf fixes the following issues:
- CVE-2023-24056: FIxed variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c (boo#1207394).
Список пакетов
SUSE Package Hub 15 SP3
libpkgconf-devel-1.5.3-bp153.2.3.1
libpkgconf3-1.5.3-bp153.2.3.1
pkgconf-1.5.3-bp153.2.3.1
openSUSE Leap 15.3
libpkgconf-devel-1.5.3-bp153.2.3.1
libpkgconf3-1.5.3-bp153.2.3.1
pkgconf-1.5.3-bp153.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2023:0043-1
- SUSE Security Ratings
- SUSE Bug 1207394
- SUSE CVE CVE-2023-24056 page
Описание
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.
Затронутые продукты
SUSE Package Hub 15 SP3:libpkgconf-devel-1.5.3-bp153.2.3.1
SUSE Package Hub 15 SP3:libpkgconf3-1.5.3-bp153.2.3.1
SUSE Package Hub 15 SP3:pkgconf-1.5.3-bp153.2.3.1
openSUSE Leap 15.3:libpkgconf-devel-1.5.3-bp153.2.3.1
Ссылки
- CVE-2023-24056
- SUSE Bug 1207394