Security update for glib2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:1596-1 Final 1 1 2019-06-21T08:18:06Z current 2019-06-21T08:18:06Z 2019-06-21T08:18:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glib2 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a NULL pointer dereference (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). - Some exploitable parser bugs in GVariant and GDBus subsystems were fixed (bsc#1111499). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-1596,SUSE-SLE-SERVER-12-2019-1596,SUSE-SLE-SERVER-12-SP1-2019-1596 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20191596-1/ Link for SUSE-SU-2019:1596-1 https://lists.suse.com/pipermail/sle-security-updates/2019-June/005611.html E-Mail link for SUSE-SU-2019:1596-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1107116 SUSE Bug 1107116 https://bugzilla.suse.com/1107121 SUSE Bug 1107121 https://bugzilla.suse.com/1111499 SUSE Bug 1111499 https://bugzilla.suse.com/1137001 SUSE Bug 1137001 https://www.suse.com/security/cve/CVE-2018-16428/ SUSE CVE CVE-2018-16428 page https://www.suse.com/security/cve/CVE-2018-16429/ SUSE CVE CVE-2018-16429 page https://www.suse.com/security/cve/CVE-2019-12450/ SUSE CVE CVE-2019-12450 page SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12-LTSS gio-branding-upstream-2.38.2-7.9.2 glib2-devel-2.38.2-7.9.2 glib2-devel-32bit-2.38.2-7.9.2 glib2-devel-64bit-2.38.2-7.9.2 glib2-devel-static-2.38.2-7.9.2 glib2-lang-2.38.2-7.9.2 glib2-tools-2.38.2-7.9.2 glib2-tools-32bit-2.38.2-7.9.2 glib2-tools-64bit-2.38.2-7.9.2 libgio-2_0-0-2.38.2-7.9.2 libgio-2_0-0-32bit-2.38.2-7.9.2 libgio-2_0-0-64bit-2.38.2-7.9.2 libgio-fam-2.38.2-7.9.2 libgio-fam-32bit-2.38.2-7.9.2 libgio-fam-64bit-2.38.2-7.9.2 libglib-2_0-0-2.38.2-7.9.2 libglib-2_0-0-32bit-2.38.2-7.9.2 libglib-2_0-0-64bit-2.38.2-7.9.2 libgmodule-2_0-0-2.38.2-7.9.2 libgmodule-2_0-0-32bit-2.38.2-7.9.2 libgmodule-2_0-0-64bit-2.38.2-7.9.2 libgobject-2_0-0-2.38.2-7.9.2 libgobject-2_0-0-32bit-2.38.2-7.9.2 libgobject-2_0-0-64bit-2.38.2-7.9.2 libgthread-2_0-0-2.38.2-7.9.2 libgthread-2_0-0-32bit-2.38.2-7.9.2 libgthread-2_0-0-64bit-2.38.2-7.9.2 glib2-lang-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS glib2-tools-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libgio-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libgio-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libglib-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libglib-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libgmodule-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libgmodule-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libgobject-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libgobject-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libgthread-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libgthread-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS glib2-lang-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS glib2-tools-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libgio-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libgio-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libglib-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libglib-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libgmodule-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libgmodule-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libgobject-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libgobject-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libgthread-2_0-0-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS libgthread-2_0-0-32bit-2.38.2-7.9.2 as a component of SUSE Linux Enterprise Server 12-LTSS In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. CVE-2018-16428 SUSE Linux Enterprise Server 12 SP1-LTSS:glib2-lang-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:glib2-tools-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgio-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgio-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libglib-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libglib-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgmodule-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgmodule-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgobject-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgobject-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgthread-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgthread-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:glib2-lang-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:glib2-tools-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgio-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgio-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libglib-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libglib-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgmodule-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgmodule-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgobject-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgobject-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgthread-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgthread-2_0-0-32bit-2.38.2-7.9.2 low 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20191596-1/ https://www.suse.com/security/cve/CVE-2018-16428.html CVE-2018-16428 https://bugzilla.suse.com/1107121 SUSE Bug 1107121 GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). CVE-2018-16429 SUSE Linux Enterprise Server 12 SP1-LTSS:glib2-lang-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:glib2-tools-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgio-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgio-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libglib-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libglib-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgmodule-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgmodule-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgobject-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgobject-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgthread-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgthread-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:glib2-lang-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:glib2-tools-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgio-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgio-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libglib-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libglib-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgmodule-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgmodule-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgobject-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgobject-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgthread-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgthread-2_0-0-32bit-2.38.2-7.9.2 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20191596-1/ https://www.suse.com/security/cve/CVE-2018-16429.html CVE-2018-16429 https://bugzilla.suse.com/1107116 SUSE Bug 1107116 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVE-2019-12450 SUSE Linux Enterprise Server 12 SP1-LTSS:glib2-lang-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:glib2-tools-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgio-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgio-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libglib-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libglib-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgmodule-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgmodule-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgobject-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgobject-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgthread-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12 SP1-LTSS:libgthread-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:glib2-lang-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:glib2-tools-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgio-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgio-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libglib-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libglib-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgmodule-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgmodule-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgobject-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgobject-2_0-0-32bit-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgthread-2_0-0-2.38.2-7.9.2 SUSE Linux Enterprise Server 12-LTSS:libgthread-2_0-0-32bit-2.38.2-7.9.2 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20191596-1/ https://www.suse.com/security/cve/CVE-2019-12450.html CVE-2019-12450 https://bugzilla.suse.com/1137001 SUSE Bug 1137001 https://bugzilla.suse.com/1139959 SUSE Bug 1139959 https://bugzilla.suse.com/1142126 SUSE Bug 1142126