exploitDog

openSUSE-SU-2019:1749-1

Published: 20 Jul 2019
Source: suse-cvrf

Description

Security update for glib2

This update for glib2 fixes the following issues:

Security issue fixed:

  • CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
gio-branding-upstream-2.54.3-lp150.3.13.1
glib2-devel-2.54.3-lp150.3.13.1
glib2-devel-32bit-2.54.3-lp150.3.13.1
glib2-devel-static-2.54.3-lp150.3.13.1
glib2-lang-2.54.3-lp150.3.13.1
glib2-tools-2.54.3-lp150.3.13.1
glib2-tools-32bit-2.54.3-lp150.3.13.1
libgio-2_0-0-2.54.3-lp150.3.13.1
libgio-2_0-0-32bit-2.54.3-lp150.3.13.1
libgio-fam-2.54.3-lp150.3.13.1
libgio-fam-32bit-2.54.3-lp150.3.13.1
libglib-2_0-0-2.54.3-lp150.3.13.1
libglib-2_0-0-32bit-2.54.3-lp150.3.13.1
libgmodule-2_0-0-2.54.3-lp150.3.13.1
libgmodule-2_0-0-32bit-2.54.3-lp150.3.13.1
libgobject-2_0-0-2.54.3-lp150.3.13.1
libgobject-2_0-0-32bit-2.54.3-lp150.3.13.1
libgthread-2_0-0-2.54.3-lp150.3.13.1
libgthread-2_0-0-32bit-2.54.3-lp150.3.13.1

Description

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.


Affected products
openSUSE Leap 15.0:gio-branding-upstream-2.54.3-lp150.3.13.1
openSUSE Leap 15.0:glib2-devel-2.54.3-lp150.3.13.1
openSUSE Leap 15.0:glib2-devel-32bit-2.54.3-lp150.3.13.1
openSUSE Leap 15.0:glib2-devel-static-2.54.3-lp150.3.13.1

References