Описание
ELSA-2020-3978: glib2 and ibus security and bug fix update (MODERATE)
glib2 [2.56.1-7]
- Backport patch to limit access to files when copying (CVE-2019-12450) Resolves: #1722099
[2.56.1-6]
- Backport patches for GDBus auth Resolves: #1777221
ibus [1.5.17-11]
- Resolves: #1750835 - Fix CVE-2019-14822 missing authorization allows
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
glib2
2.56.1-7.el7
glib2-devel
2.56.1-7.el7
glib2-doc
2.56.1-7.el7
glib2-fam
2.56.1-7.el7
glib2-static
2.56.1-7.el7
glib2-tests
2.56.1-7.el7
ibus
1.5.17-11.el7
ibus-devel
1.5.17-11.el7
ibus-devel-docs
1.5.17-11.el7
ibus-gtk2
1.5.17-11.el7
ibus-gtk3
1.5.17-11.el7
ibus-libs
1.5.17-11.el7
ibus-pygtk2
1.5.17-11.el7
ibus-setup
1.5.17-11.el7
Oracle Linux x86_64
glib2
2.56.1-7.el7
glib2-devel
2.56.1-7.el7
glib2-doc
2.56.1-7.el7
glib2-fam
2.56.1-7.el7
glib2-static
2.56.1-7.el7
glib2-tests
2.56.1-7.el7
ibus
1.5.17-11.el7
ibus-devel
1.5.17-11.el7
ibus-devel-docs
1.5.17-11.el7
ibus-gtk2
1.5.17-11.el7
ibus-gtk3
1.5.17-11.el7
ibus-libs
1.5.17-11.el7
ibus-pygtk2
1.5.17-11.el7
ibus-setup
1.5.17-11.el7
Связанные CVE
Связанные уязвимости
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
A flaw was discovered in ibus in versions before 1.5.22 that allows an ...
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.