Security update for glib2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:14102-1 Final 1 1 2019-06-24T09:14:33Z current 2019-06-24T09:14:33Z 2019-06-24T09:14:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glib2 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-glib2-14102,slessp4-glib2-14102 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-201914102-1/ Link for SUSE-SU-2019:14102-1 https://lists.suse.com/pipermail/sle-security-updates/2019-June/005625.html E-Mail link for SUSE-SU-2019:14102-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1137001 SUSE Bug 1137001 https://www.suse.com/security/cve/CVE-2019-12450/ SUSE CVE CVE-2019-12450 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP4-LTSS glib2-2.22.5-0.8.39.1 glib2-doc-2.22.5-0.8.39.1 glib2-lang-2.22.5-0.8.39.1 libgio-2_0-0-2.22.5-0.8.39.1 libglib-2_0-0-2.22.5-0.8.39.1 libgmodule-2_0-0-2.22.5-0.8.39.1 libgobject-2_0-0-2.22.5-0.8.39.1 libgthread-2_0-0-2.22.5-0.8.39.1 libgio-2_0-0-32bit-2.22.5-0.8.39.1 libglib-2_0-0-32bit-2.22.5-0.8.39.1 libgmodule-2_0-0-32bit-2.22.5-0.8.39.1 libgobject-2_0-0-32bit-2.22.5-0.8.39.1 libgthread-2_0-0-32bit-2.22.5-0.8.39.1 glib2-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 glib2-doc-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 glib2-lang-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 libgio-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 libglib-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 libgmodule-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 libgobject-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 libgthread-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 glib2-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS glib2-doc-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS glib2-lang-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libgio-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libgio-2_0-0-32bit-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libglib-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libglib-2_0-0-32bit-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libgmodule-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libgmodule-2_0-0-32bit-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libgobject-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libgobject-2_0-0-32bit-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libgthread-2_0-0-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libgthread-2_0-0-32bit-2.22.5-0.8.39.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVE-2019-12450 SUSE Linux Enterprise Point of Sale 11 SP3:glib2-2.22.5-0.8.39.1 SUSE Linux Enterprise Point of Sale 11 SP3:glib2-doc-2.22.5-0.8.39.1 SUSE Linux Enterprise Point of Sale 11 SP3:glib2-lang-2.22.5-0.8.39.1 SUSE Linux Enterprise Point of Sale 11 SP3:libgio-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Point of Sale 11 SP3:libglib-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Point of Sale 11 SP3:libgmodule-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Point of Sale 11 SP3:libgobject-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Point of Sale 11 SP3:libgthread-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:glib2-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:glib2-doc-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:glib2-lang-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libgio-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libgio-2_0-0-32bit-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libglib-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libglib-2_0-0-32bit-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libgmodule-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libgmodule-2_0-0-32bit-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libgobject-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libgobject-2_0-0-32bit-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libgthread-2_0-0-2.22.5-0.8.39.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libgthread-2_0-0-32bit-2.22.5-0.8.39.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914102-1/ https://www.suse.com/security/cve/CVE-2019-12450.html CVE-2019-12450 https://bugzilla.suse.com/1137001 SUSE Bug 1137001 https://bugzilla.suse.com/1139959 SUSE Bug 1139959 https://bugzilla.suse.com/1142126 SUSE Bug 1142126