Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

SUSE: 2021:0785-3 Critical: glibc Buffer Overflow Patch

suse
Calendar Grey March 12, 2021
Dist Suse Esm H88
Stay informed about the most recent security patch for glib2 that addresses two critical vulnerabilities impacting SUSE systems.
An update that fixes two vulnerabilities is now available

Summary

This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-778=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-778=1

References

#1182328 #1182362

Cross- CVE-2021-27218 CVE-2021-27219

CVSS scores:

CVE-2021-27218 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-27218 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

CVE-2021-27219 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-27219 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

Affected Products:

SUSE MicroOS 5.0

SUSE Linux Enterprise Module for Basesystem 15-SP3

SUSE Linux Enterprise Module for Basesystem 15-SP2

https://www.suse.com/security/cve/CVE-2021-27218.html

https://www.suse.com/security/cve/CVE-2021-27219.html

https://bugzilla.suse.com/1182328

https://bugzilla.suse.com/1182362

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0778-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.