Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

SUSE: 2018:3913-1 Moderate: glib2 DoS and Out-of-Bounds Fix

suse
Calendar Grey November 26, 2018
Dist Suse Esm H88
SUSE Security Update for glib2 fixes moderate vulnerabilities with details on installation and patch instructions.
An update that solves two vulnerabilities and has one errata is now available

Summary

This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2780=1

References

#1107116 #1107121 #1111499

Cross- CVE-2018-16428 CVE-2018-16429

Affected Products:

SUSE Linux Enterprise Module for Packagehub Subpackages 15

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-16428.html

https://www.suse.com/security/cve/CVE-2018-16429.html

https://bugzilla.suse.com/1107116

https://bugzilla.suse.com/1107121

https://bugzilla.suse.com/1111499

Announcement ID: SUSE-SU-2018:3913-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.