Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

SUSE: glib2 Important Integer Buffer Overflow Fix SUSE-SU-2026:20045-1

suse
Calendar Grey January 15, 2026
Dist Suse Esm H88
Critical update for SUSE fixes vulnerabilities in glib2 including buffer and integer overflows. Install recommended patches now.
An update that solves three vulnerabilities can now be installed.

Summary

## This update for glib2 fixes the following issues: * CVE-2025-13601: Fixed Integer overflow in in g_escape_uri_string() (bsc#1254297) * CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption (bsc#1254662) * CVE-2025-14512: Fixed Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow (bsc#1254878) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-550=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libglib-2_0-0-2.76.2-11.1 * libgmodule-2_0-0-2.76.2-11.1 * libgmodule-2_0-0-debuginfo-2.76.2-11.1

References

* bsc#1254297

* bsc#1254662

* bsc#1254878

Cross-

* CVE-2025-13601

* CVE-2025-14087

* CVE-2025-14512

CVSS scores:

* CVE-2025-13601 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

* CVE-2025-13601 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

* CVE-2025-14087 ( SUSE ): 6.9

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14087 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

* CVE-2025-14087 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2025-14512 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14512 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2025-14512 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20045-1
Release Date: 2026-01-08T15:55:37Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.