Описание
Security update for glib2
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO
escape_byte_string()function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser
bytestring_parse()andstring_parse()functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the
g_escape_uri_string()function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
Список пакетов
Container suse/manager/4.3/proxy-httpd:latest
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-salt-broker:latest
libglib-2_0-0-2.70.5-150400.3.29.1
Container suse/sle-micro/base-5.5:latest
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
Container suse/sle-micro/kvm-5.5:latest
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise Micro 5.3
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise Micro 5.4
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise Micro 5.5
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise Server 15 SP4-LTSS
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise Server 15 SP5-LTSS
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
SUSE Manager Proxy LTS 4.3
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
SUSE Manager Server LTS 4.3
glib2-devel-2.70.5-150400.3.29.1
glib2-lang-2.70.5-150400.3.29.1
glib2-tools-2.70.5-150400.3.29.1
libgio-2_0-0-2.70.5-150400.3.29.1
libgio-2_0-0-32bit-2.70.5-150400.3.29.1
libglib-2_0-0-2.70.5-150400.3.29.1
libglib-2_0-0-32bit-2.70.5-150400.3.29.1
libgmodule-2_0-0-2.70.5-150400.3.29.1
libgmodule-2_0-0-32bit-2.70.5-150400.3.29.1
libgobject-2_0-0-2.70.5-150400.3.29.1
libgobject-2_0-0-32bit-2.70.5-150400.3.29.1
libgthread-2_0-0-2.70.5-150400.3.29.1
Ссылки
- Link for SUSE-SU-2025:4504-1
- E-Mail link for SUSE-SU-2025:4504-1
- SUSE Security Ratings
- SUSE Bug 1254297
- SUSE Bug 1254662
- SUSE Bug 1254878
- SUSE CVE CVE-2025-13601 page
- SUSE CVE CVE-2025-14087 page
- SUSE CVE CVE-2025-14512 page
Описание
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:glib2-tools-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-httpd:latest:libgio-2_0-0-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-httpd:latest:libglib-2_0-0-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-httpd:latest:libgmodule-2_0-0-2.70.5-150400.3.29.1
Ссылки
- CVE-2025-13601
- SUSE Bug 1254297
Описание
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:glib2-tools-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-httpd:latest:libgio-2_0-0-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-httpd:latest:libglib-2_0-0-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-httpd:latest:libgmodule-2_0-0-2.70.5-150400.3.29.1
Ссылки
- CVE-2025-14087
- SUSE Bug 1254662
Описание
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Затронутые продукты
Container suse/manager/4.3/proxy-httpd:latest:glib2-tools-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-httpd:latest:libgio-2_0-0-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-httpd:latest:libglib-2_0-0-2.70.5-150400.3.29.1
Container suse/manager/4.3/proxy-httpd:latest:libgmodule-2_0-0-2.70.5-150400.3.29.1
Ссылки
- CVE-2025-14512
- SUSE Bug 1254878