Description
Security update for editorconfig-core-c
This update for editorconfig-core-c fixes the following issues:
Update to version 0.12.6:
- CVE-2023-0341: Fixed a buffer overflow in ec_glob (boo#1211032)
- Update property key, value length limits per spec change
Package list
SUSE Package Hub 15 SP4
editorconfig-0.12.6-bp154.2.3.1
libeditorconfig-devel-0.12.6-bp154.2.3.1
libeditorconfig-devel-32bit-0.12.6-bp154.2.3.1
libeditorconfig-devel-64bit-0.12.6-bp154.2.3.1
libeditorconfig0-0.12.6-bp154.2.3.1
libeditorconfig0-32bit-0.12.6-bp154.2.3.1
libeditorconfig0-64bit-0.12.6-bp154.2.3.1
openSUSE Leap 15.4
editorconfig-0.12.6-bp154.2.3.1
libeditorconfig-devel-0.12.6-bp154.2.3.1
libeditorconfig-devel-32bit-0.12.6-bp154.2.3.1
libeditorconfig-devel-64bit-0.12.6-bp154.2.3.1
libeditorconfig0-0.12.6-bp154.2.3.1
libeditorconfig0-32bit-0.12.6-bp154.2.3.1
libeditorconfig0-64bit-0.12.6-bp154.2.3.1
References
- E-Mail link for openSUSE-SU-2023:0102-1
- SUSE Security Ratings
- SUSE Bug 1211032
- SUSE CVE CVE-2023-0341 page
Description
A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6, which allows an attacker to write arbitrarily to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolves this vulnerability by bounds-checking all write operations over the p_pcre buffer.
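As an added illustration (not the editorconfig-core-c source and not the project's patch), the sketch below shows the class of fix described above: a simplified glob-to-regex translator in which every write into a fixed-size output buffer is bounds checked. The names `glob_to_regex`, `out_put` and `struct out`, and the reduced translation rules, are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical bounded output cursor: every write goes through out_put(),
 * which refuses to advance past the end of the destination buffer. */
struct out {
    char *cur;      /* next byte to write */
    char *end;      /* last byte of the buffer, reserved for the NUL */
    int   overflow; /* set once a write did not fit */
};

static void out_put(struct out *o, const char *s, size_t n)
{
    if (o->overflow || (size_t)(o->end - o->cur) < n) {
        o->overflow = 1;          /* sticky: later writes are dropped too */
        return;
    }
    memcpy(o->cur, s, n);
    o->cur += n;
}

/* Translate a glob into a regex in dst[0..dst_size). Returns the regex
 * length, or -1 if it does not fit (dst is then an empty string). */
int glob_to_regex(const char *glob, char *dst, size_t dst_size)
{
    struct out o;
    if (dst_size == 0)
        return -1;
    o.cur = dst;
    o.end = dst + dst_size - 1;
    o.overflow = 0;

    for (const char *p = glob; *p != '\0'; ++p) {
        if (*p == '*')
            out_put(&o, "[^/]*", 5);   /* 1 input byte becomes 5 output bytes */
        else if (*p == '?')
            out_put(&o, "[^/]", 4);
        else if (strchr(".+()|^$\\{}[]", *p) != NULL) {
            out_put(&o, "\\", 1);      /* escape regex metacharacters */
            out_put(&o, p, 1);
        } else
            out_put(&o, p, 1);
    }
    if (o.overflow) {
        dst[0] = '\0';
        return -1;
    }
    *o.cur = '\0';
    return (int)(o.cur - dst);
}
```

Because one pattern character can expand to several output bytes, sizing the buffer from the input length alone is not sufficient; the check has to sit on each write.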
Affected products
SUSE Package Hub 15 SP4:editorconfig-0.12.6-bp154.2.3.1
SUSE Package Hub 15 SP4:libeditorconfig-devel-0.12.6-bp154.2.3.1
SUSE Package Hub 15 SP4:libeditorconfig-devel-32bit-0.12.6-bp154.2.3.1
SUSE Package Hub 15 SP4:libeditorconfig-devel-64bit-0.12.6-bp154.2.3.1
References
- CVE-2023-0341
- SUSE Bug 1211032