Mageia 9 - MGASA-2024-0311 moderate: glib2.0 D-Bus signal issue
mageia
September 25, 2024
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1
Summary
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and
2.80.x before 2.80.1. When a GDBus-based client subscribes to signals
from a trusted system service such as NetworkManager on a shared
computer, other users of the same computer can send spoofed D-Bus
signals that the GDBus-based client will wrongly interpret as having
been sent by the trusted system service. This could lead to the
GDBus-based client behaving incorrectly, with an application-dependent
impact. (CVE-2024-34397)
References
- https://bugs.mageia.org/show_bug.cgi?id=33198
- https://www.openwall.com/lists/oss-security/2024/05/07/5
- https://ubuntu.com/security/notices/USN-6768-1
-
- https://www.cve.org/CVERecord?id=CVE-2024-34397
Topics Covered
Resolution
SRPMS
- 9/core/glib2.0-2.76.3-1.2.mga9
PREVIOUS
NEXT
Publication date: 25 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0311.html
Type: security
CVE: CVE-2024-34397
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!