
[SECURITY] [DLA 1866-1] glib2.0 security update

Package        : glib2.0
Version        : 2.42.1-1+deb8u2
CVE ID         : CVE-2018-16428 CVE-2018-16429 CVE-2019-13012
Debian Bug     : 931234

Various minor issues have been addressed in the GLib library. GLib is a
useful general-purpose C library used by projects such as GTK+, GIMP,
and GNOME.


    In GNOME GLib, g_markup_parse_context_end_parse() in gmarkup.c
    had a NULL pointer dereference.


    GNOME GLib had an out-of-bounds read vulnerability in
    g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().


    The keyfile settings backend in GNOME GLib (aka glib2.0) before
    created directories using g_file_make_directory_with_parents
    (kfsb->dir, NULL, NULL) and files using g_file_replace_contents
    (kfsb->file, contents, length, NULL, FALSE,
    it did not properly restrict directory (and file) permissions.
    Instead, for directories, 0777 permissions were used; for files,
    default file permissions were used. This issue is similar to
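
The effect of the directory mode described above, shown with plain POSIX mkdir() rather than GLib calls. This is an added example, not code from GLib or from this advisory; created_mode(), exposes_to_others() and the /tmp location are hypothetical names constructed for the demonstration. It assumes the requested mode is filtered by the process umask as mkdir(2) specifies, so a 0777 request yields a directory whose privacy depends on the caller's umask, while a 0700 request stays private.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not GLib API): create `name` inside a fresh temp
 * directory with the requested mode while `mask` is the process umask, and
 * return the permission bits the new directory ends up with, or -1. */
static int created_mode(const char *name, mode_t requested, mode_t mask)
{
    char base[] = "/tmp/kfsb-demo-XXXXXX";  /* constructed sample location */
    char path[128];
    struct stat st;
    int result = -1;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/%s", base, name);

    mode_t old = umask(mask);
    if (mkdir(path, requested) == 0 && stat(path, &st) == 0)
        result = (int)(st.st_mode & 0777);
    umask(old);

    rmdir(path);   /* clean up; harmless if mkdir failed */
    rmdir(base);
    return result;
}

/* Nonzero when group or other hold any read, write or search bit. */
static int exposes_to_others(int mode)
{
    return mode >= 0 && (mode & 077) != 0;
}

int main(void)
{
    /* 0777 request: the outcome is whatever the caller's umask leaves. */
    int weak_022 = created_mode("settings", 0777, 022);
    int weak_000 = created_mode("settings", 0777, 000);
    /* 0700 request: private even with a fully permissive umask. */
    int priv_000 = created_mode("settings", 0700, 000);
    printf("0777, umask 022 -> %04o exposed=%d\n", weak_022, exposes_to_others(weak_022));
    printf("0777, umask 000 -> %04o exposed=%d\n", weak_000, exposes_to_others(weak_000));
    printf("0700, umask 000 -> %04o exposed=%d\n", priv_000, exposes_to_others(priv_000));
    return 0;
}
```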

For Debian 8 "Jessie", these problems have been fixed in version

We recommend that you upgrade your glib2.0 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net
