Fedora 30: Security Advisory for Glib2 File Permissions and Network Fixes

GLib is the low-level core library that forms the basis for projects

such as GTK+ and GNOME. It provides data structure handling for C,

portability wrappers, and interfaces for such runtime functionality

as an event loop, threads, dynamic loading, and an object system.

glib 2.60.4 release: * Fixes to improved network status detection with

NetworkManager * Leak fixes to some `glib-genmarshal` generated code * Further

fixes to the Happy Eyeballs (RFC 8305) implementation * File system permissions

fix to clamp down permissions in a small time window when copying files

(CVE-2019-12450)

* Tue Jun 11 2019 Kalev Lember - 2.60.4-1

- Update to 2.60.4

* Tue May 21 2019 Kalev Lember - 2.60.3-1

- Update to 2.60.3

* Fri May 3 2019 Kalev Lember - 2.60.2-1

- Update to 2.60.2

[ 1 ] Bug #1719141 - CVE-2019-12450 glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress

https://bugzilla.redhat.com/show_bug.cgi?id=1719141

su -c 'dnf upgrade --advisory FEDORA-2019-c18d2bd1bd' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/