SUSE-SU-2023:3535-1 -- SLES glib2, libgthread-2_0-0, libglib-2_0-0, libgio-2_0-0, libgmodule-2_0-0, libgobject-2_0-0| ID: oval:org.secpod.oval:def:89049360 | Date: (C)2023-11-17 (M)2024-04-29 |
| Class: PATCH | Family: unix |
This update for glib2 fixes the following issues: * CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files. * CVE-2023-32665: Fixed GVariant deserialisation which does not match spec for non-normal data. * CVE-2023-32643: Fixed a heap-buffer-overflow in g_variant_serialised_get_child. * CVE-2023-29499: Fixed GVariant offset table entry size which is not checked in is_normal. * CVE-2023-32636: Fixed a wrong timeout in fuzz_variant_text. * CVE-2023-32611: Fixed an issue where g_variant_byteswap can take a long time with some non-normal inputs
| Platform: |
| SUSE Linux Enterprise Server 15 SP1 |
| Product: |
| glib2 |
| libgthread-2_0-0 |
| libglib-2_0-0 |
| libgio-2_0-0 |
| libgmodule-2_0-0 |
| libgobject-2_0-0 |
