Описание
Moderate: glib2 security and bug fix update
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Security Fix(es):
-
glib2: Possible privilege escalation thourgh pkexec and aliases (CVE-2021-3800)
-
glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink (CVE-2021-28153)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 1938284
- Red Hat - 1938291
- Red Hat - 1948988
- Red Hat - 1971533
Связанные уязвимости
ELSA-2021-4385: glib2 security and bug fix update (MODERATE)
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
A flaw was found in glib before version 2.63.6. Due to random charset alias pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.