[Bugs] [Bug 13523] New: [CVE 21] glib 1.2.10 CVEs found

bugzilla bugzilla at rosalinux.ru
Wed Aug 23 23:19:29 MSK 2023


https://bugzilla.rosalinux.ru/show_bug.cgi?id=13523

          Platform: 2021.1
            Bug ID: 13523
           Summary: [CVE 21] glib 1.2.10  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2020-35457, CVE-2021-27218, CVE-2021-27219,
                    CVE-2021-28153, CVE-2021-3800,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs at lists.rosalinux.ru
          Reporter: y.tumanov at rosalinux.ru
        QA Contact: bugs at lists.rosalinux.ru
                CC: e.kosachev at rosalinux.ru, s.matveev at rosalinux.ru,
                    y.tumanov at rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package glib version 1.2.10

INFO (CVEs are): glib 1.2.10
 cves found
CVE-2020-35457
Desc: ** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that
might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the
vendor's position is "Realistically this is not a security issue. The standard
pattern is for callers to provide a static list of option entries in a fixed
number of calls to g_option_group_add_entries()." The researcher states that
this pattern is undocumented.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-35457
Severity: HIGH
CVE-2021-27218
Desc: An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before
2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a
64-bit platform, the length would be truncated modulo 2**32, causing unintended
length truncation.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-27218
Severity: HIGH
CVE-2021-27219
Desc: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before
2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms
due to an implicit cast from 64 bits to 32 bits. The overflow could potentially
lead to memory corruption.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-27219
Severity: HIGH
CVE-2021-28153
Desc: An issue was discovered in GNOME GLib before 2.66.8. When
g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a
path that is a dangling symlink, it incorrectly also creates the target of the
symlink as an empty file, which could conceivably have security relevance if
the symlink is attacker-controlled. (If the path is a symlink to a file that
already exists, then the contents of that file correctly remain unchanged.)
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-28153
Severity: MEDIUM
CVE-2021-3800
Desc: A flaw was found in glib before version 2.63.6. Due to random charset
alias, pkexec can leak content from files owned by privileged users to
unprivileged ones under the right condition.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-3800
Severity: MEDIUM
