exploitDog

SUSE-SU-2025:4308-1

Published: 28 Nov 2025
Source: suse-cvrf

Description

Security update for glib2

This update for glib2 fixes the following issues:

  • CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)

Package list

Container containers/ollama:0
libglib-2_0-0-2.78.6-150600.4.22.1
Container containers/open-webui:0
glib2-tools-2.78.6-150600.4.22.1
libgio-2_0-0-2.78.6-150600.4.22.1
libglib-2_0-0-2.78.6-150600.4.22.1
libgmodule-2_0-0-2.78.6-150600.4.22.1
libgobject-2_0-0-2.78.6-150600.4.22.1
Container containers/pytorch:2-nvidia
glib2-tools-2.78.6-150600.4.22.1
libgio-2_0-0-2.78.6-150600.4.22.1
libglib-2_0-0-2.78.6-150600.4.22.1
libgmodule-2_0-0-2.78.6-150600.4.22.1
libgobject-2_0-0-2.78.6-150600.4.22.1
Container suse/kiosk/firefox-esr:latest
glib2-tools-2.78.6-150600.4.22.1
libgio-2_0-0-2.78.6-150600.4.22.1
libglib-2_0-0-2.78.6-150600.4.22.1
libgmodule-2_0-0-2.78.6-150600.4.22.1
libgobject-2_0-0-2.78.6-150600.4.22.1
libgthread-2_0-0-2.78.6-150600.4.22.1
Container suse/kiosk/pulseaudio:latest
glib2-tools-2.78.6-150600.4.22.1
libgio-2_0-0-2.78.6-150600.4.22.1
libglib-2_0-0-2.78.6-150600.4.22.1
libgmodule-2_0-0-2.78.6-150600.4.22.1
libgobject-2_0-0-2.78.6-150600.4.22.1
Container suse/kiosk/xorg:latest
glib2-tools-2.78.6-150600.4.22.1
libgio-2_0-0-2.78.6-150600.4.22.1
libglib-2_0-0-2.78.6-150600.4.22.1
libgmodule-2_0-0-2.78.6-150600.4.22.1
libgobject-2_0-0-2.78.6-150600.4.22.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
glib2-devel-2.78.6-150600.4.22.1
glib2-lang-2.78.6-150600.4.22.1
glib2-tools-2.78.6-150600.4.22.1
libgio-2_0-0-2.78.6-150600.4.22.1
libgio-2_0-0-32bit-2.78.6-150600.4.22.1
libglib-2_0-0-2.78.6-150600.4.22.1
libglib-2_0-0-32bit-2.78.6-150600.4.22.1
libgmodule-2_0-0-2.78.6-150600.4.22.1
libgmodule-2_0-0-32bit-2.78.6-150600.4.22.1
libgobject-2_0-0-2.78.6-150600.4.22.1
libgobject-2_0-0-32bit-2.78.6-150600.4.22.1
libgthread-2_0-0-2.78.6-150600.4.22.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
glib2-devel-2.78.6-150600.4.22.1
glib2-lang-2.78.6-150600.4.22.1
glib2-tools-2.78.6-150600.4.22.1
libgio-2_0-0-2.78.6-150600.4.22.1
libgio-2_0-0-32bit-2.78.6-150600.4.22.1
libglib-2_0-0-2.78.6-150600.4.22.1
libglib-2_0-0-32bit-2.78.6-150600.4.22.1
libgmodule-2_0-0-2.78.6-150600.4.22.1
libgmodule-2_0-0-32bit-2.78.6-150600.4.22.1
libgobject-2_0-0-2.78.6-150600.4.22.1
libgobject-2_0-0-32bit-2.78.6-150600.4.22.1
libgthread-2_0-0-2.78.6-150600.4.22.1
openSUSE Leap 15.6
gio-branding-upstream-2.78.6-150600.4.22.1
glib2-devel-2.78.6-150600.4.22.1
glib2-devel-32bit-2.78.6-150600.4.22.1
glib2-devel-static-2.78.6-150600.4.22.1
glib2-doc-2.78.6-150600.4.22.1
glib2-lang-2.78.6-150600.4.22.1
glib2-tests-devel-2.78.6-150600.4.22.1
glib2-tools-2.78.6-150600.4.22.1
glib2-tools-32bit-2.78.6-150600.4.22.1
libgio-2_0-0-2.78.6-150600.4.22.1
libgio-2_0-0-32bit-2.78.6-150600.4.22.1
libglib-2_0-0-2.78.6-150600.4.22.1
libglib-2_0-0-32bit-2.78.6-150600.4.22.1
libgmodule-2_0-0-2.78.6-150600.4.22.1
libgmodule-2_0-0-32bit-2.78.6-150600.4.22.1
libgobject-2_0-0-2.78.6-150600.4.22.1
libgobject-2_0-0-32bit-2.78.6-150600.4.22.1
libgthread-2_0-0-2.78.6-150600.4.22.1
libgthread-2_0-0-32bit-2.78.6-150600.4.22.1

Description

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.


Affected products
Container containers/ollama:0:libglib-2_0-0-2.78.6-150600.4.22.1
Container containers/open-webui:0:glib2-tools-2.78.6-150600.4.22.1
Container containers/open-webui:0:libgio-2_0-0-2.78.6-150600.4.22.1
Container containers/open-webui:0:libglib-2_0-0-2.78.6-150600.4.22.1

References