Описание
Security update for glib2
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
gio-branding-upstream-2.62.6-lp152.2.6.1
glib2-devel-2.62.6-lp152.2.6.1
glib2-devel-32bit-2.62.6-lp152.2.6.1
glib2-devel-static-2.62.6-lp152.2.6.1
glib2-lang-2.62.6-lp152.2.6.1
glib2-tests-2.62.6-lp152.2.6.1
glib2-tools-2.62.6-lp152.2.6.1
glib2-tools-32bit-2.62.6-lp152.2.6.1
libgio-2_0-0-2.62.6-lp152.2.6.1
libgio-2_0-0-32bit-2.62.6-lp152.2.6.1
libgio-fam-2.62.6-lp152.2.6.1
libgio-fam-32bit-2.62.6-lp152.2.6.1
libglib-2_0-0-2.62.6-lp152.2.6.1
libglib-2_0-0-32bit-2.62.6-lp152.2.6.1
libgmodule-2_0-0-2.62.6-lp152.2.6.1
libgmodule-2_0-0-32bit-2.62.6-lp152.2.6.1
libgobject-2_0-0-2.62.6-lp152.2.6.1
libgobject-2_0-0-32bit-2.62.6-lp152.2.6.1
libgthread-2_0-0-2.62.6-lp152.2.6.1
libgthread-2_0-0-32bit-2.62.6-lp152.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0406-1
- SUSE Security Ratings
- SUSE Bug 1182328
- SUSE Bug 1182362
- SUSE CVE CVE-2021-27218 page
- SUSE CVE CVE-2021-27219 page
Описание
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
Затронутые продукты
openSUSE Leap 15.2:gio-branding-upstream-2.62.6-lp152.2.6.1
openSUSE Leap 15.2:glib2-devel-2.62.6-lp152.2.6.1
openSUSE Leap 15.2:glib2-devel-32bit-2.62.6-lp152.2.6.1
openSUSE Leap 15.2:glib2-devel-static-2.62.6-lp152.2.6.1
Ссылки
- CVE-2021-27218
- SUSE Bug 1182328
- SUSE Bug 1182362
Описание
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
Затронутые продукты
openSUSE Leap 15.2:gio-branding-upstream-2.62.6-lp152.2.6.1
openSUSE Leap 15.2:glib2-devel-2.62.6-lp152.2.6.1
openSUSE Leap 15.2:glib2-devel-32bit-2.62.6-lp152.2.6.1
openSUSE Leap 15.2:glib2-devel-static-2.62.6-lp152.2.6.1
Ссылки
- CVE-2021-27219
- SUSE Bug 1182362
- SUSE Bug 1194015