RedHat: RHSA-2022-8418:01 Low: mingw-glib2 security and bug fix upd...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: mingw-glib2 security and bug fix update
Advisory ID:       RHSA-2022:8418-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8418
Issue date:        2022-11-15
CVE Names:         CVE-2021-28153 
=====================================================================

1. Summary:

An update for mingw-glib2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - noarch

3. Description:

GLib provides the core application building blocks for libraries and
applications written in C. It provides the core object system used in
GNOME, the main loop implementation, and a large set of utility functions
for strings and common data structures.

Security Fix(es):

* glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates
empty target for dangling symlink (CVE-2021-28153)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1938291 - CVE-2021-28153 glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink
2116278 - Rebuild mingw-glib2 after update mingw-zlib

6. Package List:

Red Hat CodeReady Linux Builder (v. 9):

Source:
mingw-glib2-2.70.1-2.el9.src.rpm

noarch:
mingw32-glib2-2.70.1-2.el9.noarch.rpm
mingw32-glib2-debuginfo-2.70.1-2.el9.noarch.rpm
mingw32-glib2-static-2.70.1-2.el9.noarch.rpm
mingw64-glib2-2.70.1-2.el9.noarch.rpm
mingw64-glib2-debuginfo-2.70.1-2.el9.noarch.rpm
mingw64-glib2-static-2.70.1-2.el9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-28153
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY3OMUtzjgjWX9erEAQhf9A//aXNZsrjnaDHjI1ra/0KoP35kpbmR++Q6
iDGI67G2MVTMLUDUHrcOuGpPbuRT7Lle71ZUq4G64+A6rhUAA30f38hm2WDoNKBj
TqWC0xOaYg/PMjTsL7lp80c66vsALBunxVNlqWd9D94snqCLOprg1aeTVcQXRC3t
cOsU9zZBiWtdPGcQt1PltbES5rDkM2k7DXfqJh1hkAdA6Z0XBeGAhiKK/laBG963
Y1vjaXbrSF+egPlev3cYQS/JKVHQmJa+CvkklpvIvTV7FHm17PmWhK7pW5ejBVpw
qZxiNpfAhl95ZcV+yBnzmocehgQgwtDtB4ZT7TxLmlQuL96L1QtXCfO+6SL8lhJz
iAoF4YMGtc2s/a35BOgfSA4/62d2fhODOzRAhLTW1jMRsUU07T8ZIibWQr30rDGO
6rUt7SSEi4kTYRYc0C2WK5NKQZnxGEqWeurpIpvUDU3YM7CkRsOnuDEw++NxC57b
diehBM/ijyasiMYna87xgTK9fVd/boiZJl7RKN8GeuRTa1O5M0kdIa9s5yhpzJCH
lL3kpbDvivK5TWgeVQerwhaN56dU5exj96S9GpFwV1bxhM3i1PNycsj2q+nd7htm
x68tLDmY51WgbnRGdfHld7J/7WWIuRiy8P/3v/1HOzu+eMA9cCyPdQWLvy9fuJZQ
387ef6l3jWM=
=BtPq
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-8418:01 Low: mingw-glib2 security and bug fix update

An update for mingw-glib2 is now available for Red Hat Enterprise Linux 9

Summary

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Security Fix(es):
* glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink (CVE-2021-28153)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to:https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Package List

Red Hat CodeReady Linux Builder (v. 9):
Source: mingw-glib2-2.70.1-2.el9.src.rpm
noarch: mingw32-glib2-2.70.1-2.el9.noarch.rpm mingw32-glib2-debuginfo-2.70.1-2.el9.noarch.rpm mingw32-glib2-static-2.70.1-2.el9.noarch.rpm mingw64-glib2-2.70.1-2.el9.noarch.rpm mingw64-glib2-debuginfo-2.70.1-2.el9.noarch.rpm mingw64-glib2-static-2.70.1-2.el9.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity
Advisory ID: RHSA-2022:8418-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8418
Issued Date: : 2022-11-15
CVE Names: CVE-2021-28153

Topic

An update for mingw-glib2 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat CodeReady Linux Builder (v. 9) - noarch

Bugs Fixed

1938291 - CVE-2021-28153 glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink

2116278 - Rebuild mingw-glib2 after update mingw-zlib

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.