glib2-2.56.4-156.el8
エラータID: AXSA:2021-2834:05
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Security Fix(es):
* glib2: Possible privilege escalation thourgh pkexec and aliases (CVE-2021-3800)
* glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink (CVE-2021-28153)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-28153
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
CVE-2021-3800
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Update packages.
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
N/A
SRPMS
- glib2-2.56.4-156.el8.src.rpm
MD5: f448557b2776dfe62c34bd33acf3843c
SHA-256: 754be117c7677fd431a0ef89f5e6d1448c0311cb0bc8b99fd694a4c1c9d7691b
Size: 6.78 MB
Asianux Server 8 for x86_64
- glib2-2.56.4-156.el8.x86_64.rpm
MD5: 6cad46b94b38248944eea87036b84f7d
SHA-256: 6fe3095861449ccb4e553548913f4ad472ef3c8c276775cc1d4edd0fac053a82
Size: 2.49 MB - glib2-devel-2.56.4-156.el8.x86_64.rpm
MD5: 41df3f386fbde0ab730b44208161061a
SHA-256: 45674666ec5aafa28e177b2cf5cd0f0e1a9fda5f13f4ab2d6cae0776219faa25
Size: 423.15 kB - glib2-doc-2.56.4-156.el8.noarch.rpm
MD5: 1ac25719ac099d1ab1ce90924d516ea5
SHA-256: 4c48b58e46cf00d73102fbf4b51a7c21c8a9bc8d08e20d8449b22855e6dc5ab4
Size: 1.57 MB - glib2-fam-2.56.4-156.el8.x86_64.rpm
MD5: 1744e1c8261ed058c86ea35a0c957372
SHA-256: 14a6bcf6cf84cbde3254c74176b40b25940b13a9c46dce32e4c985a067ea8629
Size: 13.06 kB - glib2-static-2.56.4-156.el8.x86_64.rpm
MD5: c8c2092262871af2d9f3c58803623184
SHA-256: 277cd43ab046beceedcf90eb8617b1350bb02f528d5589822664fc78f3f48484
Size: 1.51 MB - glib2-tests-2.56.4-156.el8.x86_64.rpm
MD5: 0f848a0e22122670d61bbbdcb4bbe0a1
SHA-256: 36450223961f450b35ea7fd9958ad96ef9b40a1d77dbeafdb968e390fd9b7534
Size: 1.77 MB - glib2-2.56.4-156.el8.i686.rpm
MD5: 774a5dd79032773341a4cbbc61ead440
SHA-256: 7293226ce46b93d1f416067965cb74fe0f0665824bee355cc170a9822c3a6f62
Size: 2.58 MB - glib2-devel-2.56.4-156.el8.i686.rpm
MD5: 6fa7e1c71a488d8ffba99bdcbe9a6f66
SHA-256: e1472687d883c872f69f4419f464f8b029b8e65bff5dd0218027159dd02fcef2
Size: 424.81 kB - glib2-static-2.56.4-156.el8.i686.rpm
MD5: 0c5fc1f484c6802f30d327246df4bf95
SHA-256: 79a56588827dd3bc0185cbcd315047318b1b7e7b262eee33152be0ace99e8eaf
Size: 1.66 MB
日本語