Ubuntu alert USN-8368-1 (libeconf) [LWN.net]


From:
               noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com>
To:
               ubuntu-security-announce@lists.ubuntu.com
Subject:
               [USN-8368-1] libeconf vulnerability
Date:
               Tue, 02 Jun 2026 16:07:27 +0000
Message-ID:
               <E1wUReJ-0004HV-Os@lists.ubuntu.com>
Cc:
               noreply+usn-bot@canonical.com
==========================================================================
Ubuntu Security Notice USN-8368-1
June 02, 2026

libeconf vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

libeconf could be made to crash if it received specially crafted
input.

Software Description:
- libeconf: highly flexible and configurable library to parse and manage key=value configuration
files

Details:

It was discovered that libeconf did not properly check the size of
input when copying data to a buffer. An attacker could possibly use
this issue to cause libeconf to crash, resulting in a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libeconf0                       0.3.8-1+deb11u1build0.22.04.1

In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-8368-1
  CVE-2023-22652

Package Information:
  https://launchpad.net/ubuntu/+source/libeconf/0.3.8-1+deb...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoe/uMACgkQcpJm3tlz
hgGkUw/+MegwUfXKQk6lw8LnprxKOf8cl4QPLwFkqxTuEd+WFXYGStcSOQhqQ28d
Q7PNvQB8+6rQdEdijmrHBFMD1ZsEu1XsmKYrzTN1cxAaPsriUEuwP/nZ1XlQAmU6
Bw1cqRIU9es6fMdCcD4D9LcrbNvcaN0ULs2qBf2FpDuh9a//zjlEzFsH263jiMCz
vohh4EAsjRBCRV1E22lX/2fnGYlrfiBzUyCIhkamENC+v1AJjjiHE5sdr05RQfcB
uHPSzmwqg8k0Jkf6WThxbUDPO4417FOFztW7Uq/41td+1FakwHgS4A4TlfhdniXs
RaJnD8zh9moVQLvGhGw8e5V39NylBg4uDiM5IFlTRysUA+n5CUi/kD4nkFUTzUK7
cpLZgDT1X1PN+3TMkSEMB5K0x181JNaMFMLma77l0dgDaR1MO3ewyGMrhUnGfAx6
hrpnRkx+lJqbOxTVi3Sw11LWUZkJXSWmeFF0cVPlNd7AJ6WI6ktLtv6S/RLSktmK
eAI98i/qRgZP4yTwXzWR1Rh3gmgz4n6C+m87q3DpPgEmH3oBFSyEFa1UNhUWUfah
A0jfC0ke6/uu96HtEQWE39efqt9f2oZIZV+lznpa1zyDyXj0zV+0JI0dR7gf1zO5
hnKQ2PFl8JorbE5ICbG55WduM++qQj2Mg0o3z4sfXnHU/yMSRoE=
=03OE
-----END PGP SIGNATURE-----

From:		noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com>
To:		ubuntu-security-announce@lists.ubuntu.com
Subject:		[USN-8368-1] libeconf vulnerability
Date:		Tue, 02 Jun 2026 16:07:27 +0000
Message-ID:		<E1wUReJ-0004HV-Os@lists.ubuntu.com>
Cc:		noreply+usn-bot@canonical.com