Описание
Security update for glib2
This update for glib2 fixes the following issues:
Security issue fixed:
- CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001).
Other issue addressed:
- glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
gio-branding-upstream-2.54.3-lp150.3.10.1
glib2-devel-2.54.3-lp150.3.10.1
glib2-devel-32bit-2.54.3-lp150.3.10.1
glib2-devel-static-2.54.3-lp150.3.10.1
glib2-lang-2.54.3-lp150.3.10.1
glib2-tools-2.54.3-lp150.3.10.1
glib2-tools-32bit-2.54.3-lp150.3.10.1
libgio-2_0-0-2.54.3-lp150.3.10.1
libgio-2_0-0-32bit-2.54.3-lp150.3.10.1
libgio-fam-2.54.3-lp150.3.10.1
libgio-fam-32bit-2.54.3-lp150.3.10.1
libglib-2_0-0-2.54.3-lp150.3.10.1
libglib-2_0-0-32bit-2.54.3-lp150.3.10.1
libgmodule-2_0-0-2.54.3-lp150.3.10.1
libgmodule-2_0-0-32bit-2.54.3-lp150.3.10.1
libgobject-2_0-0-2.54.3-lp150.3.10.1
libgobject-2_0-0-32bit-2.54.3-lp150.3.10.1
libgthread-2_0-0-2.54.3-lp150.3.10.1
libgthread-2_0-0-32bit-2.54.3-lp150.3.10.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1650-1
- SUSE Security Ratings
- SUSE Bug 1103678
- SUSE Bug 1137001
- SUSE CVE CVE-2019-12450 page
Описание
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
Затронутые продукты
openSUSE Leap 15.0:gio-branding-upstream-2.54.3-lp150.3.10.1
openSUSE Leap 15.0:glib2-devel-2.54.3-lp150.3.10.1
openSUSE Leap 15.0:glib2-devel-32bit-2.54.3-lp150.3.10.1
openSUSE Leap 15.0:glib2-devel-static-2.54.3-lp150.3.10.1
Ссылки
- CVE-2019-12450
- SUSE Bug 1137001
- SUSE Bug 1139959
- SUSE Bug 1142126