mingw-glib2-2.66.7-2.el8

エラータID: AXSA:2021-2771:01

Release date: 
Tuesday, December 14, 2021 - 14:12
Subject: 
mingw-glib2-2.66.7-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

GLib provides the core application building blocks for libraries and
applications written in C. It provides the core object system used in GNOME, the
main loop implementation, and a large set of utility functions for strings and
common data structures.

The following packages have been upgraded to a later upstream version:
mingw-glib2 (2.66.7).

Security Fix(es):

* glib: integer overflow in g_bytes_new function on 64-bit platforms due to an
implicit cast from 64 bits to 32 bits (CVE-2021-27219)
* glib: integer overflow in g_byte_array_new_take function when called with a
buffer of 4GB or more on a 64-bit platform (CVE-2021-27218)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-27218
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If
g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit
platform, the length would be truncated modulo 2**32, causing unintended length
truncation.
CVE-2021-27219
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3.
The function g_bytes_new has an integer overflow on 64-bit platforms due to an
implicit cast from 64 bits to 32 bits. The overflow could potentially lead to
memory corruption.

Solution: 

Update packages.

CVEs: 
CVE-2021-27218
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVE-2021-27219
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
Additional Info: 

N/A

Download: 

SRPMS
  1. mingw-glib2-2.66.7-2.el8.src.rpm
    MD5: 82e74bd89704487164587ea7575224db
    SHA-256: 7ff563e26930273d070aa921462e53b546f0f04e0a1df7e11653de3c1eba6d5f
    Size: 4.65 MB

Asianux Server 8 for x86_64
  1. mingw32-glib2-2.66.7-2.el8.noarch.rpm
    MD5: fa4b4f2bed4db53940fe3106b7b50834
    SHA-256: 385ac7fbd0e95d24bb72e609a240c2ff393cbd2034e6b040cb9c16ed313b342c
    Size: 2.90 MB
  2. mingw32-glib2-static-2.66.7-2.el8.noarch.rpm
    MD5: 952ac26524b86c43d3412e5bfbc31464
    SHA-256: 00129d5dcb69eb13448ccca6646b4f90d2f17103ca5a23e9032deff57a4bf9de
    Size: 1.17 MB
  3. mingw64-glib2-2.66.7-2.el8.noarch.rpm
    MD5: 2d109aec45f94092f9bdfa2c129bee95
    SHA-256: 237f705127f365c4c6a4f8db6785afd5835845f7156ff4fce3449af377cc6899
    Size: 2.94 MB
  4. mingw64-glib2-static-2.66.7-2.el8.noarch.rpm
    MD5: 6119763e8e361bc81d8542c1817b8d48
    SHA-256: 8a367a785e2a5c75f2d2b4817bc99604998f4dd9ae9a11d9343a34799a639643
    Size: 1.28 MB