This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-235=1
- openSUSE Leap 16.0:
gio-branding-upstream-2.84.4-160000.2.1
glib2-devel-2.84.4-160000.2.1
glib2-devel-static-2.84.4-160000.2.1
glib2-doc-2.84.4-160000.2.1
glib2-lang-2.84.4-160000.2.1
glib2-tests-devel-2.84.4-160000.2.1
glib2-tools-2.84.4-160000.2.1
libgio-2_0-0-2.84.4-160000.2.1
libgirepository-2_0-0-2.84.4-160000.2.1
libglib-2_0-0-2.84.4-160000.2.1
libgmodule-2_0-0-2.84.4-160000.2.1
libgobject-2_0-0-2.84.4-160000.2.1
libgthread-2_0-0-2.84.4-160000.2.1
typelib-1_0-GIRepository-3_0-2.84.4-160000.2.1
typelib-1_0-GLib-2_0-2.84.4-160000.2.1
typelib-1_0-GLibUnix-2_0-2.84.4-160000.2.1
typelib-1_0-GModule-2_0-2.84.4-160000.2.1
typelib-1_0-GObject-2_0-2.84.4-160000.2.1
typelib-1_0-Gio-2_0-2.84.4-160000.2.1
* bsc#1257049
* bsc#1257353
* bsc#1257354
* bsc#1257355
References:
* https://www.suse.com/security/cve/CVE-2026-0988.html
* https://www.suse.com/security/cve/CVE-2026-1484.html
* https://www.suse.com/security/cve/CVE-2026-1485.html
* https://www.suse.com/security/cve/CVE-2026-1489.html
Get the latest Linux and open source security news straight to your inbox.