rpm package
suse/glib2&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-34397 | Med | 5.2 | < 2.48.2-12.37.1 | 2.48.2-12.37.1 | May 7, 2024 | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals tha | |
| CVE-2021-3800 | — | < 2.48.2-12.25.1 | 2.48.2-12.25.1 | Aug 23, 2022 | A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. | ||
| CVE-2021-28153 | — | < 2.48.2-12.28.1 | 2.48.2-12.28.1 | Mar 11, 2021 | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security re | ||
| CVE-2021-27219 | — | < 2.48.2-12.22.1 | 2.48.2-12.22.1 | Feb 15, 2021 | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | ||
| CVE-2021-27218 | — | < 2.48.2-12.22.1 | 2.48.2-12.22.1 | Feb 15, 2021 | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. |
- affected < 2.48.2-12.37.1fixed 2.48.2-12.37.1
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals tha
- CVE-2021-3800Aug 23, 2022affected < 2.48.2-12.25.1fixed 2.48.2-12.25.1
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
- CVE-2021-28153Mar 11, 2021affected < 2.48.2-12.28.1fixed 2.48.2-12.28.1
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security re
- CVE-2021-27219Feb 15, 2021affected < 2.48.2-12.22.1fixed 2.48.2-12.22.1
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
- CVE-2021-27218Feb 15, 2021affected < 2.48.2-12.22.1fixed 2.48.2-12.22.1
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.