rpm package
suse/glib2&distro=SUSE Linux Enterprise Module for Package Hub 15
pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-13012 | — | < 2.54.3-4.18.1 | 2.54.3-4.18.1 | Jun 28, 2019 | The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, | ||
| CVE-2019-12450 | — | < 2.54.3-4.15.1 | 2.54.3-4.15.1 | May 29, 2019 | file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. | ||
| CVE-2018-16429 | — | < 2.54.3-4.7.1 | 2.54.3-4.7.1 | Sep 4, 2018 | GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). | ||
| CVE-2018-16428 | — | < 2.54.3-4.7.1 | 2.54.3-4.7.1 | Sep 4, 2018 | In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. |
- CVE-2019-13012Jun 28, 2019affected < 2.54.3-4.18.1fixed 2.54.3-4.18.1
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL,
- CVE-2019-12450May 29, 2019affected < 2.54.3-4.15.1fixed 2.54.3-4.15.1
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
- CVE-2018-16429Sep 4, 2018affected < 2.54.3-4.7.1fixed 2.54.3-4.7.1
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
- CVE-2018-16428Sep 4, 2018affected < 2.54.3-4.7.1fixed 2.54.3-4.7.1
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.