Debian 9: DLA-3044-1 Moderate: glib2.0 Memory Corruption Issues
debian lts
June 6, 2022
Several security vulnerabilities were found in glib2.0, a general-purpose utility library for the GNOME environment
Summary
If g_byte_array_new_take() was called with a buffer of 4GB or more on a
64-bit platform, the length would be truncated modulo 2**32, causing
unintended length truncation.
CVE-2021-27219
The function g_bytes_new has an integer overflow on 64-bit platforms due to
an implicit cast from 64 bits to 32 bits. The overflow could potentially
lead to memory corruption.
CVE-2021-28153
When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to
replace a path that is a dangling symlink, it incorrectly also creates the
target of the symlink as an empty file, which could conceivably have
security relevance if the symlink is attacker-controlled. (If the path is
a symlink to a file that already exists, then the contents of that file
correctly remain unchanged.)
For Debian 9 stretch, these problems have been fixed in version
2.50.3-2+deb9u3.
We recommend that you upgrade your glib2.0 packages.
For the detailed security status of glib2.0 please refer to
PREVIOUS
NEXT
-------------------------------------------------------------------------Package: glib2.0
Version: 2.50.3-2+deb9u3
CVE ID: CVE-2021-27218 CVE-2021-27219 CVE-2021-28153
Debian Bug: 984969 982778 982779
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!