Stay Vigilant with Timely Linux Security Advisories

Loading...

security advisorymoderateinteger overflow

SUSE Linux Micro 6.0: 2025:20318-1 moderate: glib2 buffer underread

* bsc#1240897 Cross-References: * CVE-2025-3360 . # Security update for glib2 Announcement ID: SUSE-SU-2025:20318-1 Release Date: 2025-05-12T09:45:36Z Rating: moderate References: * bsc#1240897 Cross-References: * CVE-2025-3360 CVSS scores: * CVE-2025-3360 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-3360 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-3360 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for glib2 fixes the following issues: * CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-314=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libglib-2_0-0-debuginfo-2.76.2-7.1 * libgmodule-2_0-0-2.76.2-7.1 * glib2-tools-debuginfo-2.76.2-7.1 * libglib-2_0-0-2.76.2-7.1 * libgio-2_0-0-2.76.2-7.1 * libgobject-2_0-0-2.76.2-7.1 * libgobject-2_0-0-debuginfo-2.76.2-7.1 * glib2-debugsource-2.76.2-7.1 * libgio-2_0-0-debuginfo-2.76.2-7.1 * glib2-tools-2.76.2-7.1 * libgmodule-2_0-0-debuginfo-2.76.2-7.1 ## References: * https://www.suse.com/security/cve/CVE-2025-3360.html * https://bugzilla.suse.com/show_bug.cgi?id=1240897 . A minor security enhancement for glib2 resolves a buffer over-read vulnerability and an integer overflow flaw in SUSE Linux.. glib2 update, SUSE Linux security, buffer underread fix, integer overflow patch. . LinuxSecurity.com Team

Jun 04, 2025 SuSE

security advisorymoderatesoftware update

SUSE Linux Enterprise Micro moderate: glib2 patch for CVE-2025-3360

* bsc#1240897 Cross-References: * CVE-2025-3360 . # Security update for glib2 Announcement ID: SUSE-SU-2025:01599-1 Release Date: 2025-05-20T10:52:53Z Rating: moderate References: * bsc#1240897 Cross-References: * CVE-2025-3360 CVSS scores: * CVE-2025-3360 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-3360 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-3360 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for glib2 fixes the following issues: * CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1599=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1599=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1599=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-1599=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-1599=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-1599=1 ## Package List: * openSUSE Leap 15.4 (noarch) * glib2-lang-2.70.5-150400.3.20.1 * gio-branding-upstream-2.70.5-150400.3.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64i586) * glib2-debugsource-2.70.5-150400.3.20.1 * glib2-devel-debuginfo-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * glib2-devel-2.70.5-150400.3.20.1 * glib2-doc-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tests-devel-2.70.5-150400.3.20.1 * glib2-devel-static-2.70.5-150400.3.20.1 * glib2-tests-devel-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * openSUSE Leap 15.4 (x86_64) * libgio-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-32bit-2.70.5-150400.3.20.1 * libglib-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-32bit-2.70.5-150400.3.20.1 * glib2-tools-32bit-2.70.5-150400.3.20.1 * libgobject-2_0-0-32bit-2.70.5-150400.3.20.1 * libglib-2_0-0-32bit-2.70.5-150400.3.20.1 * glib2-devel-32bit-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-32bit-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * glib2-devel-32bit-2.70.5-150400.3.20.1 * libgmodule-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * libgmodule-2_0-0-32bit-2.70.5-150400.3.20.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgmodule-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-64bit-2.70.5-150400.3.20.1 * libgio-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * libglib-2_0-0-64bit-2.70.5-150400.3.20.1 * libgthread-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * libgmodule-2_0-0-64bit-2.70.5-150400.3.20.1 *libgobject-2_0-0-64bit-2.70.5-150400.3.20.1 * glib2-devel-64bit-2.70.5-150400.3.20.1 * glib2-tools-64bit-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * glib2-devel-64bit-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-64bit-2.70.5-150400.3.20.1 * libglib-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-64bit-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 *libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2025-3360.html * https://bugzilla.suse.com/show_bug.cgi?id=1240897 . Security update issued for glib2 resolving a moderate vulnerability. Fix is accessible for SUSE Linux users. Examine CVE-2025-3360.. security advisory, software update, glib2 patch, SUSE security, buffer overflow risk. . LinuxSecurity.com Team

May 20, 2025 SuSE

security advisorymoderateinteger overflow

openSUSE Leap 15.4: SUSE-SU-2025:01599-1 moderate: glib2 buffer underread

An update that solves one vulnerability can now be installed.. # Security update for glib2 Announcement ID: SUSE-SU-2025:01599-1 Release Date: 2025-05-20T10:52:53Z Rating: moderate References: * bsc#1240897 Cross-References: * CVE-2025-3360 CVSS scores: * CVE-2025-3360 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-3360 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-3360 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for glib2 fixes the following issues: * CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1599=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1599=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1599=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-1599=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-1599=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-1599=1 ## Package List: * openSUSE Leap 15.4 (noarch) * glib2-lang-2.70.5-150400.3.20.1 * gio-branding-upstream-2.70.5-150400.3.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390xx86_64 i586) * glib2-debugsource-2.70.5-150400.3.20.1 * glib2-devel-debuginfo-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * glib2-devel-2.70.5-150400.3.20.1 * glib2-doc-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tests-devel-2.70.5-150400.3.20.1 * glib2-devel-static-2.70.5-150400.3.20.1 * glib2-tests-devel-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * openSUSE Leap 15.4 (x86_64) * libgio-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-32bit-2.70.5-150400.3.20.1 * libglib-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-32bit-2.70.5-150400.3.20.1 * glib2-tools-32bit-2.70.5-150400.3.20.1 * libgobject-2_0-0-32bit-2.70.5-150400.3.20.1 * libglib-2_0-0-32bit-2.70.5-150400.3.20.1 * glib2-devel-32bit-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-32bit-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * glib2-devel-32bit-2.70.5-150400.3.20.1 * libgmodule-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-32bit-debuginfo-2.70.5-150400.3.20.1 * libgmodule-2_0-0-32bit-2.70.5-150400.3.20.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgmodule-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-64bit-2.70.5-150400.3.20.1 * libgio-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * libglib-2_0-0-64bit-2.70.5-150400.3.20.1 * libgthread-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * libgmodule-2_0-0-64bit-2.70.5-150400.3.20.1 *libgobject-2_0-0-64bit-2.70.5-150400.3.20.1 * glib2-devel-64bit-2.70.5-150400.3.20.1 * glib2-tools-64bit-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * glib2-devel-64bit-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-64bit-2.70.5-150400.3.20.1 * libglib-2_0-0-64bit-debuginfo-2.70.5-150400.3.20.1 * libgthread-2_0-0-64bit-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 *libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * glib2-debugsource-2.70.5-150400.3.20.1 * libglib-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-debuginfo-2.70.5-150400.3.20.1 * glib2-tools-2.70.5-150400.3.20.1 * glib2-tools-debuginfo-2.70.5-150400.3.20.1 * libgobject-2_0-0-2.70.5-150400.3.20.1 * libgio-2_0-0-2.70.5-150400.3.20.1 * libglib-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-2.70.5-150400.3.20.1 * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.20.1 * libgio-2_0-0-debuginfo-2.70.5-150400.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2025-3360.html * https://bugzilla.suse.com/show_bug.cgi?id=1240897 . To enhance system security on openSUSE, ensure to apply the most recent update for glib2, which resolves significant vulnerabilities including an integer overflow flaw.. openSUSE glib2 update security moderate. . LinuxSecurity.com Team

May 20, 2025 OpenSUSE

security advisorymoderate severitySUSE Linux

SUSE Linux 15 SP6: 2025:1367-1 moderate: glib2 buffer underread

* bsc#1240897 Cross-References: * CVE-2025-3360 . # Security update for glib2 Announcement ID: SUSE-SU-2025:1367-1 Release Date: 2025-04-24T14:38:56Z Rating: moderate References: * bsc#1240897 Cross-References: * CVE-2025-3360 CVSS scores: * CVE-2025-3360 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-3360 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-3360 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for glib2 fixes the following issues: * CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-1367=1 openSUSE-SLE-15.6-2025-1367=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1367=1 ## Package List: * openSUSE Leap 15.6 (noarch) * gio-branding-upstream-2.78.6-150600.4.11.1 * glib2-lang-2.78.6-150600.4.11.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libgmodule-2_0-0-2.78.6-150600.4.11.1 * glib2-devel-debuginfo-2.78.6-150600.4.11.1 * libgio-2_0-0-2.78.6-150600.4.11.1 * glib2-debugsource-2.78.6-150600.4.11.1 * glib2-tools-debuginfo-2.78.6-150600.4.11.1 * libgthread-2_0-0-debuginfo-2.78.6-150600.4.11.1 * glib2-tests-devel-debuginfo-2.78.6-150600.4.11.1 *libgmodule-2_0-0-debuginfo-2.78.6-150600.4.11.1 * libglib-2_0-0-debuginfo-2.78.6-150600.4.11.1 * glib2-devel-static-2.78.6-150600.4.11.1 * glib2-devel-2.78.6-150600.4.11.1 * libgio-2_0-0-debuginfo-2.78.6-150600.4.11.1 * libgobject-2_0-0-debuginfo-2.78.6-150600.4.11.1 * libgthread-2_0-0-2.78.6-150600.4.11.1 * libgobject-2_0-0-2.78.6-150600.4.11.1 * glib2-tests-devel-2.78.6-150600.4.11.1 * glib2-tools-2.78.6-150600.4.11.1 * libglib-2_0-0-2.78.6-150600.4.11.1 * glib2-doc-2.78.6-150600.4.11.1 * openSUSE Leap 15.6 (x86_64) * glib2-devel-32bit-2.78.6-150600.4.11.1 * glib2-tools-32bit-2.78.6-150600.4.11.1 * libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.11.1 * libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.11.1 * libgthread-2_0-0-32bit-2.78.6-150600.4.11.1 * glib2-tools-32bit-debuginfo-2.78.6-150600.4.11.1 * libglib-2_0-0-32bit-2.78.6-150600.4.11.1 * libgthread-2_0-0-32bit-debuginfo-2.78.6-150600.4.11.1 * libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.11.1 * libgobject-2_0-0-32bit-2.78.6-150600.4.11.1 * libgmodule-2_0-0-32bit-2.78.6-150600.4.11.1 * libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.11.1 * libgio-2_0-0-32bit-2.78.6-150600.4.11.1 * glib2-devel-32bit-debuginfo-2.78.6-150600.4.11.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libgobject-2_0-0-64bit-debuginfo-2.78.6-150600.4.11.1 * libgthread-2_0-0-64bit-debuginfo-2.78.6-150600.4.11.1 * glib2-devel-64bit-2.78.6-150600.4.11.1 * libgmodule-2_0-0-64bit-2.78.6-150600.4.11.1 * glib2-devel-64bit-debuginfo-2.78.6-150600.4.11.1 * glib2-tools-64bit-2.78.6-150600.4.11.1 * libgmodule-2_0-0-64bit-debuginfo-2.78.6-150600.4.11.1 * libgobject-2_0-0-64bit-2.78.6-150600.4.11.1 * libglib-2_0-0-64bit-debuginfo-2.78.6-150600.4.11.1 * libgio-2_0-0-64bit-2.78.6-150600.4.11.1 * libglib-2_0-0-64bit-2.78.6-150600.4.11.1 * libgio-2_0-0-64bit-debuginfo-2.78.6-150600.4.11.1 * libgthread-2_0-0-64bit-2.78.6-150600.4.11.1 *glib2-tools-64bit-debuginfo-2.78.6-150600.4.11.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libgmodule-2_0-0-2.78.6-150600.4.11.1 * glib2-devel-debuginfo-2.78.6-150600.4.11.1 * libgio-2_0-0-2.78.6-150600.4.11.1 * glib2-debugsource-2.78.6-150600.4.11.1 * glib2-tools-debuginfo-2.78.6-150600.4.11.1 * libgthread-2_0-0-debuginfo-2.78.6-150600.4.11.1 * libgmodule-2_0-0-debuginfo-2.78.6-150600.4.11.1 * libglib-2_0-0-debuginfo-2.78.6-150600.4.11.1 * glib2-devel-2.78.6-150600.4.11.1 * libgio-2_0-0-debuginfo-2.78.6-150600.4.11.1 * libgthread-2_0-0-2.78.6-150600.4.11.1 * libgobject-2_0-0-2.78.6-150600.4.11.1 * glib2-tools-2.78.6-150600.4.11.1 * libgobject-2_0-0-debuginfo-2.78.6-150600.4.11.1 * libglib-2_0-0-2.78.6-150600.4.11.1 * Basesystem Module 15-SP6 (noarch) * glib2-lang-2.78.6-150600.4.11.1 * Basesystem Module 15-SP6 (x86_64) * libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.11.1 * libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.11.1 * libglib-2_0-0-32bit-2.78.6-150600.4.11.1 * libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.11.1 * libgobject-2_0-0-32bit-2.78.6-150600.4.11.1 * libgmodule-2_0-0-32bit-2.78.6-150600.4.11.1 * libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.11.1 * libgio-2_0-0-32bit-2.78.6-150600.4.11.1 ## References: * https://www.suse.com/security/cve/CVE-2025-3360.html * https://bugzilla.suse.com/show_bug.cgi?id=1240897 . Critical security notice for openSUSE Linux regarding a buffer overread vulnerability in glib2 that may affect the reliability of the system.. SUSE Linux, glib2, security update. . LinuxSecurity.com Team

Apr 24, 2025 SuSE

security advisorydenial of servicephp

Debian: DSA-4240-1 Critical PHP7.0 Update For Buffer Overflow

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4240-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php7.0 CVE ID : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite loop in convert.iconv stream filter CVE-2018-10547 The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete CVE-2018-10548 Denial of service via malformed LDAP server responses CVE-2018-10549 Out-of-bounds read when parsing malformed JPEG files For the stable distribution (stretch), these problems have been fixed in version 7.0.30-0+deb9u1. We recommend that you upgrade your php7.0 packages. For the detailed security status of php7.0 please refer to its security tracker page at: Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Important PHP patches tackle security flaws such as memory corruption and service disruption in Debian DSA-4240-2.. PHP Security Update, Debian DSA-4240-1, PHP Vulnerability Mitigation. . Severity: Critical. LinuxSecurity.com Team

Jul 05, 2018 •Critical Debian

security advisorycriticalformat string

Slackware 14.1: 2016-148-01 Critical: libxml2 Buffer Issues

New libxml2 packages are available for Slackware 14.0, 14.1, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libxml2 (SSA:2016-148-01) New libxml2 packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/libxml2-2.9.4-i486-1_slack14.1.txz: Upgraded. This release fixes bugs and security issues: Heap-based buffer underreads due to xmlParseName (CVE-2016-4447). Format string vulnerability (CVE-2016-4448). Inappropriate fetch of entities content (CVE-2016-4449). For more information, see: https://www.cve.org/CVERecord?id=CVE-2016-4447 https://www.cve.org/CVERecord?id=CVE-2016-4448 https://www.cve.org/CVERecord?id=CVE-2016-4449 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.0 package: c498433ae7d6077a9d5245877aa2c06e libxml2-2.9.4-i486-1_slack14.0.txz Slackware x86_64 14.0 package: c92258a87bb30a6cdce2b5428d640bd5 libxml2-2.9.4-x86_64-1_slack14.0.txz Slackware 14.1 package: 2b74b913a164a23ad2da10eebf923e46 libxml2-2.9.4-i486-1_slack14.1.txz Slackware x86_64 14.1 package: e2dee612c7de77822824e43a61414c2c libxml2-2.9.4-x86_64-1_slack14.1.txz Slackware -current package: 98d1ede4a347a49f2ad972ac5339b9e6 l/libxml2-2.9.4-i586-1.txz Slackware x86_64 -currentpackage: c2d5721aac77b74d7e47a2a8a372d47a l/libxml2-2.9.4-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libxml2-2.9.4-i486-1_slack14.1.txz +-----+ . Exciting new updates for libxml2 on Slackware that tackle vital security vulnerabilities and enhance system reliability. Update your systems today!. libxml2 packages, security update, slackware upgrade. . Severity: Critical. LinuxSecurity.com Team

May 27, 2016 •Critical Slackware

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

SUSE Linux Micro 6.0: 2025:20318-1 moderate: glib2 buffer underread

SUSE Linux Enterprise Micro moderate: glib2 patch for CVE-2025-3360

openSUSE Leap 15.4: SUSE-SU-2025:01599-1 moderate: glib2 buffer underread

SUSE Linux 15 SP6: 2025:1367-1 moderate: glib2 buffer underread

Debian: DSA-4240-1 Critical PHP7.0 Update For Buffer Overflow

Slackware 14.1: 2016-148-01 Critical: libxml2 Buffer Issues

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!