摘要:
libconfuse security update
安全等级: High
公告ID: KylinSec-SA-2022-2116
发布日期: 2022年9月23日
关联CVE: CVE-2022-40320
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and (lists of) values (strings, integers, floats, booleans or other sections), as well as some other features (such as single/double-quoted strings, environment variable expansion, functions and nested include statements). It makes it very easy to add configuration file capability to a program using a simple API. The goal of libConfuse is not to be the configuration file parser library with a gazillion of features. Instead, it aims to be easy to use and quick to integrate with your code.
Security Fix(es):
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.(CVE-2022-40320)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-40320 | KY3.4-4A | libconfuse | Fixed |
| CVE-2022-40320 | KY3.4-5A | libconfuse | Fixed |
| CVE-2022-40320 | KY3.5.1 | libconfuse | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| libconfuse-devel | x86_64 | 3.3-2.kb2.ky3_5 |
| libconfuse | x86_64 | 3.3-2.kb2.ky3_5 |
| libconfuse-devel | aarch64 | 3.3-2.kb2.ky3_5 |
| libconfuse | aarch64 | 3.3-2.kb2.ky3_5 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| libconfuse-devel | x86_64 | 3.3-2.kb1.ky3_4 |
| libconfuse | x86_64 | 3.3-2.kb1.ky3_4 |
| libconfuse-devel | aarch64 | 3.3-2.kb1.ky3_4 |
| libconfuse | aarch64 | 3.3-2.kb1.ky3_4 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| libconfuse | x86_64 | 3.3-2.kb1.ky3_4 |
| libconfuse-devel | x86_64 | 3.3-2.kb1.ky3_4 |
| libconfuse-devel | aarch64 | 3.3-2.kb1.ky3_4 |
| libconfuse | aarch64 | 3.3-2.kb1.ky3_4 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
