SUSE-SU-2023:3535-1 -- SLES glib2, libgthread-2_0-0, libglib-2_0-0, libgio-2_0-0, libgmodule-2_0-0, libgobject-2_0-0ID: oval:org.secpod.oval:def:89049360 | Date: (C)2023-11-17 (M)2024-04-29 |
Class: PATCH | Family: unix |
This update for glib2 fixes the following issues: * CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files. * CVE-2023-32665: Fixed GVariant deserialisation which does not match spec for non-normal data. * CVE-2023-32643: Fixed a heap-buffer-overflow in g_variant_serialised_get_child. * CVE-2023-29499: Fixed GVariant offset table entry size which is not checked in is_normal. * CVE-2023-32636: Fixed a wrong timeout in fuzz_variant_text. * CVE-2023-32611: Fixed an issue where g_variant_byteswap can take a long time with some non-normal inputs
Platform: |
SUSE Linux Enterprise Server 15 SP1 |
Product: |
glib2 |
libgthread-2_0-0 |
libglib-2_0-0 |
libgio-2_0-0 |
libgmodule-2_0-0 |
libgobject-2_0-0 |