libeconf vulnerability
Published: Tue, 02 Jun 2026 13:09
Summary
libeconf could be made to crash if it received specially crafted input.
Details
It was discovered that libeconf did not properly check the size of input when copying data to a buffer. An attacker could possibly use this issue to cause libeconf to crash, resulting in a denial of service.
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu jammy
libeconf→0.3.8-1+deb11u1build0.22.04.1apt_upgradeStandard apt upgrade. Install 0.3.8-1+deb11u1build0.22.04.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libeconf
Most apt upgrades restart their service automatically. needrestart lists anything else.
libeconf-dev→0.3.8-1+deb11u1build0.22.04.1apt_upgradeStandard apt upgrade. Install 0.3.8-1+deb11u1build0.22.04.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libeconf-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libeconf0→0.3.8-1+deb11u1build0.22.04.1apt_upgradeStandard apt upgrade. Install 0.3.8-1+deb11u1build0.22.04.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libeconf0
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8368-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8368-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.