glib2-2.68.4-11.el9

エラータID: AXSA:2023-6826:03

Release date: 
Friday, December 8, 2023 - 09:05
Subject: 
glib2-2.68.4-11.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Low
Description: 

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

Security Fix(es):

* glib: GVariant offset table entry size is not checked in is_normal() (CVE-2023-29499)
* glib: g_variant_byteswap() can take a long time with some non-normal inputs (CVE-2023-32611)
* glib: GVariant deserialisation does not match spec for non-normal data (CVE-2023-32665)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.3 Release Notes linked from the References section.

CVE-2023-29499
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
CVE-2023-32611
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVE-2023-32665
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

Solution: 

Update packages.

CVEs: 
CVE-2023-29499
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
CVE-2023-32611
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVE-2023-32665
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Additional Info: 

N/A

Download: 

SRPMS
  1. glib2-2.68.4-11.el9.src.rpm
    MD5: 58ce87a5464f8afc326a0327207feced
    SHA-256: cb8d0cd2d47c732ad360ca0b3732c404379c5b159b338023b21847ef7a38fbbc
    Size: 4.80 MB

Asianux Server 9 for x86_64
  1. glib2-2.68.4-11.el9.i686.rpm
    MD5: 55c7a162bd4d5dfcffa1098f8b23b961
    SHA-256: d62b4bf1886142b5aeeb6c31c8cf3c0d211fe180b55b7e7e904b1dbe2c364aee
    Size: 2.69 MB
  2. glib2-2.68.4-11.el9.x86_64.rpm
    MD5: f63337f28a91d5df428ce512ce1543ed
    SHA-256: 2eb38ff5405b50a823795f3b422e10e2cccde214351752f1483e7e7dda48d081
    Size: 2.61 MB
  3. glib2-devel-2.68.4-11.el9.i686.rpm
    MD5: 80b70d5473f99320ec67d311e5eb4c65
    SHA-256: 3362f5c67c99bde66a7e47ee4c1fae191c5544e76cb556a8eec764dde6f2b190
    Size: 471.59 kB
  4. glib2-devel-2.68.4-11.el9.x86_64.rpm
    MD5: c90712f54ae78bb4f1d9670b8e23009f
    SHA-256: cf96e1c31ffb0a5e56adfbb14de970eebbf14127a146e9b6d317dd538d26b8a7
    Size: 470.19 kB
  5. glib2-doc-2.68.4-11.el9.noarch.rpm
    MD5: 52f5e2be7f450c9fa9f12c95210a5323
    SHA-256: 55483c7fee536d274cdc38e8d55570701eaeb89f68d29629274730fe7b158427
    Size: 1.39 MB
  6. glib2-static-2.68.4-11.el9.i686.rpm
    MD5: ac21fbf55b01ea81b01c8f419b099d3c
    SHA-256: 07ab899e7dda0ff8354ee62f75699cda78369cde8016e62c7c44af8b584f2d23
    Size: 1.75 MB
  7. glib2-static-2.68.4-11.el9.x86_64.rpm
    MD5: 77a9fcb3f178e0d0e2227ff4397abb73
    SHA-256: 7175ce907daabe2b67a007b45fb1bd18591743a7ee43d22f0c13a76031e92049
    Size: 1.62 MB
  8. glib2-tests-2.68.4-11.el9.x86_64.rpm
    MD5: 9ce2c127588267c1ba35e432173a2cc8
    SHA-256: eca73d1e457038abeaf0036f74560df4f5cc3a6cd75c5cadbab58d892886e4da
    Size: 1.76 MB