Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 24.04 LTS USN-6768-1 Critical GLib Spoofing Risk

ubuntu
Calendar Grey May 9, 2024
Dist Ubuntu Esm H88
Ubuntu's latest GLib security advisory addresses vulnerabilities tied to forged D-Bus signals, affecting multiple Linux distributions. Users should update quickly to reduce risks
GLib could be made to accept spoofed D-Bus signals.

Summary

GLib could be made to accept spoofed D-Bus signals.

Software Description:

- glib2.0: GLib library of C routines

Details:

Alicia Boya García discovered that GLib incorrectly handled signal

subscriptions. A local attacker could use this issue to spoof D-Bus signals

resulting in a variety of impacts including possible privilege escalation.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libglib2.0-0t64                 2.80.0-6ubuntu3.1
   libglib2.0-bin                  2.80.0-6ubuntu3.1

Ubuntu 23.10
   libglib2.0-0                    2.78.0-2ubuntu0.1
   libglib2.0-bin                  2.78.0-2ubuntu0.1

Ubuntu 22.04 LTS
   libglib2.0-0                    2.72.4-0ubuntu2.3
   libglib2.0-bin                  2.72.4-0ubuntu2.3

Ubuntu 20.04 LTS
   libglib2.0-0                    2.64.6-1~ubuntu20.04.7
   libglib2.0-bin                  2.64.6-1~ubuntu20.04.7

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-6768-1

CVE-2024-34397

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6768-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here