Advisories » MGASA-2022-0387

Updated libconfuse packages fix security vulnerability

Publication date: 23 Oct 2022
Modification date: 23 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-40320

Description

cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer
over-read. (CVE-2022-40320)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30856
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EDUT2V62V2XF2IT5TJFPB6P3EQ6X5VLL/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40320

SRPMS

8/core

• libconfuse-3.3-1.1.mga8