Описание
Security update for glib2
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
Список пакетов
SUSE Linux Enterprise Micro 5.0
glib2-tools-2.62.6-150200.3.9.1
libgio-2_0-0-2.62.6-150200.3.9.1
libglib-2_0-0-2.62.6-150200.3.9.1
libgmodule-2_0-0-2.62.6-150200.3.9.1
libgobject-2_0-0-2.62.6-150200.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
glib2-devel-2.62.6-150200.3.9.1
glib2-lang-2.62.6-150200.3.9.1
glib2-tools-2.62.6-150200.3.9.1
libgio-2_0-0-2.62.6-150200.3.9.1
libgio-2_0-0-32bit-2.62.6-150200.3.9.1
libglib-2_0-0-2.62.6-150200.3.9.1
libglib-2_0-0-32bit-2.62.6-150200.3.9.1
libgmodule-2_0-0-2.62.6-150200.3.9.1
libgmodule-2_0-0-32bit-2.62.6-150200.3.9.1
libgobject-2_0-0-2.62.6-150200.3.9.1
libgobject-2_0-0-32bit-2.62.6-150200.3.9.1
libgthread-2_0-0-2.62.6-150200.3.9.1
SUSE Linux Enterprise Real Time 15 SP2
glib2-devel-2.62.6-150200.3.9.1
glib2-lang-2.62.6-150200.3.9.1
glib2-tools-2.62.6-150200.3.9.1
libgio-2_0-0-2.62.6-150200.3.9.1
libgio-2_0-0-32bit-2.62.6-150200.3.9.1
libglib-2_0-0-2.62.6-150200.3.9.1
libglib-2_0-0-32bit-2.62.6-150200.3.9.1
libgmodule-2_0-0-2.62.6-150200.3.9.1
libgmodule-2_0-0-32bit-2.62.6-150200.3.9.1
libgobject-2_0-0-2.62.6-150200.3.9.1
libgobject-2_0-0-32bit-2.62.6-150200.3.9.1
libgthread-2_0-0-2.62.6-150200.3.9.1
openSUSE Leap 15.3
gio-branding-upstream-2.62.6-150200.3.9.1
glib2-devel-2.62.6-150200.3.9.1
glib2-devel-32bit-2.62.6-150200.3.9.1
glib2-devel-static-2.62.6-150200.3.9.1
glib2-lang-2.62.6-150200.3.9.1
glib2-tests-2.62.6-150200.3.9.1
glib2-tools-2.62.6-150200.3.9.1
glib2-tools-32bit-2.62.6-150200.3.9.1
libgio-2_0-0-2.62.6-150200.3.9.1
libgio-2_0-0-32bit-2.62.6-150200.3.9.1
libgio-fam-2.62.6-150200.3.9.1
libgio-fam-32bit-2.62.6-150200.3.9.1
libglib-2_0-0-2.62.6-150200.3.9.1
libglib-2_0-0-32bit-2.62.6-150200.3.9.1
libgmodule-2_0-0-2.62.6-150200.3.9.1
libgmodule-2_0-0-32bit-2.62.6-150200.3.9.1
libgobject-2_0-0-2.62.6-150200.3.9.1
libgobject-2_0-0-32bit-2.62.6-150200.3.9.1
libgthread-2_0-0-2.62.6-150200.3.9.1
libgthread-2_0-0-32bit-2.62.6-150200.3.9.1
Ссылки
- Link for SUSE-SU-2022:1455-1
- E-Mail link for SUSE-SU-2022:1455-1
- SUSE Security Ratings
- SUSE Bug 1183533
- SUSE CVE CVE-2021-28153 page
Описание
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
Затронутые продукты
SUSE Linux Enterprise Micro 5.0:glib2-tools-2.62.6-150200.3.9.1
SUSE Linux Enterprise Micro 5.0:libgio-2_0-0-2.62.6-150200.3.9.1
SUSE Linux Enterprise Micro 5.0:libglib-2_0-0-2.62.6-150200.3.9.1
SUSE Linux Enterprise Micro 5.0:libgmodule-2_0-0-2.62.6-150200.3.9.1
Ссылки
- CVE-2021-28153
- SUSE Bug 1183533