Stay Secure with the Latest Linux Advisories

security advisorysecurity issueFedora

Fedora 30: Security Advisory for Glib2 File Permissions and Network Fixes

glib 2.60.4 release: * Fixes to improved network status detection with NetworkManager * Leak fixes to some `glib-genmarshal` generated code * Further fixes to the Happy Eyeballs (RFC 8305) implementation * File system permissions fix to clamp down permissions in a small time window when copying files (CVE-2019-12450). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-c18d2bd1bd 2019-06-17 18:27:25.204662 --------------------------------------------------------------------------------Name : glib2 Product : Fedora 30 Version : 2.60.4 Release : 1.fc30 URL : https://www.gtk.org/ Summary : A library of handy utility functions Description : GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. --------------------------------------------------------------------------------Update Information: glib 2.60.4 release: * Fixes to improved network status detection with NetworkManager * Leak fixes to some `glib-genmarshal` generated code * Further fixes to the Happy Eyeballs (RFC 8305) implementation * File system permissions fix to clamp down permissions in a small time window when copying files (CVE-2019-12450) --------------------------------------------------------------------------------ChangeLog: * Tue Jun 11 2019 Kalev Lember - 2.60.4-1 - Update to 2.60.4 * Tue May 21 2019 Kalev Lember - 2.60.3-1 - Update to 2.60.3 * Fri May 3 2019 Kalev Lember - 2.60.2-1 - Update to 2.60.2 --------------------------------------------------------------------------------References: [ 1 ] Bug #1719141 - CVE-2019-12450 glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress https://bugzilla.redhat.com/show_bug.cgi?id=1719141 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-c18d2bd1bd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Resolved several bugs in glib2 for Fedora 30, enhancing connectivity status detection and adjusting file access permissions.. Fedora Glib2 Security Update, File Permissions Fix, Network Status Detection. . Severity: Important. LinuxSecurity.com Team

Jun 17, 2019 •Important Fedora