gio-branding-upstream-2.50.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10473-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gio-branding-upstream-2.50.2-1.1 on GA media These are all security issues fixed in the gio-branding-upstream-2.50.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10473 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-4316/ SUSE CVE CVE-2008-4316 page https://www.suse.com/security/cve/CVE-2012-3524/ SUSE CVE CVE-2012-3524 page openSUSE Tumbleweed gio-branding-upstream-2.50.2-1.1 glib2-devel-2.50.2-1.1 glib2-devel-32bit-2.50.2-1.1 glib2-devel-static-2.50.2-1.1 glib2-lang-2.50.2-1.1 glib2-tools-2.50.2-1.1 glib2-tools-32bit-2.50.2-1.1 libgio-2_0-0-2.50.2-1.1 libgio-2_0-0-32bit-2.50.2-1.1 libgio-fam-2.50.2-1.1 libgio-fam-32bit-2.50.2-1.1 libglib-2_0-0-2.50.2-1.1 libglib-2_0-0-32bit-2.50.2-1.1 libgmodule-2_0-0-2.50.2-1.1 libgmodule-2_0-0-32bit-2.50.2-1.1 libgobject-2_0-0-2.50.2-1.1 libgobject-2_0-0-32bit-2.50.2-1.1 libgthread-2_0-0-2.50.2-1.1 libgthread-2_0-0-32bit-2.50.2-1.1 gio-branding-upstream-2.50.2-1.1 as a component of openSUSE Tumbleweed glib2-devel-2.50.2-1.1 as a component of openSUSE Tumbleweed glib2-devel-32bit-2.50.2-1.1 as a component of openSUSE Tumbleweed glib2-devel-static-2.50.2-1.1 as a component of openSUSE Tumbleweed glib2-lang-2.50.2-1.1 as a component of openSUSE Tumbleweed glib2-tools-2.50.2-1.1 as a component of openSUSE Tumbleweed glib2-tools-32bit-2.50.2-1.1 as a component of openSUSE Tumbleweed libgio-2_0-0-2.50.2-1.1 as a component of openSUSE Tumbleweed libgio-2_0-0-32bit-2.50.2-1.1 as a component of openSUSE Tumbleweed libgio-fam-2.50.2-1.1 as a component of openSUSE Tumbleweed libgio-fam-32bit-2.50.2-1.1 as a component of openSUSE Tumbleweed libglib-2_0-0-2.50.2-1.1 as a component of openSUSE Tumbleweed libglib-2_0-0-32bit-2.50.2-1.1 as a component of openSUSE Tumbleweed libgmodule-2_0-0-2.50.2-1.1 as a component of openSUSE Tumbleweed libgmodule-2_0-0-32bit-2.50.2-1.1 as a component of openSUSE Tumbleweed libgobject-2_0-0-2.50.2-1.1 as a component of openSUSE Tumbleweed libgobject-2_0-0-32bit-2.50.2-1.1 as a component of openSUSE Tumbleweed libgthread-2_0-0-2.50.2-1.1 as a component of openSUSE Tumbleweed libgthread-2_0-0-32bit-2.50.2-1.1 as a component of openSUSE Tumbleweed Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. CVE-2008-4316 openSUSE Tumbleweed:gio-branding-upstream-2.50.2-1.1 openSUSE Tumbleweed:glib2-devel-2.50.2-1.1 openSUSE Tumbleweed:glib2-devel-32bit-2.50.2-1.1 openSUSE Tumbleweed:glib2-devel-static-2.50.2-1.1 openSUSE Tumbleweed:glib2-lang-2.50.2-1.1 openSUSE Tumbleweed:glib2-tools-2.50.2-1.1 openSUSE Tumbleweed:glib2-tools-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgio-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgio-fam-2.50.2-1.1 openSUSE Tumbleweed:libgio-fam-32bit-2.50.2-1.1 openSUSE Tumbleweed:libglib-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgmodule-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgobject-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgthread-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.50.2-1.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-4316.html CVE-2008-4316 https://bugzilla.suse.com/382708 SUSE Bug 382708 https://bugzilla.suse.com/449927 SUSE Bug 449927 https://bugzilla.suse.com/475541 SUSE Bug 475541 libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." CVE-2012-3524 openSUSE Tumbleweed:gio-branding-upstream-2.50.2-1.1 openSUSE Tumbleweed:glib2-devel-2.50.2-1.1 openSUSE Tumbleweed:glib2-devel-32bit-2.50.2-1.1 openSUSE Tumbleweed:glib2-devel-static-2.50.2-1.1 openSUSE Tumbleweed:glib2-lang-2.50.2-1.1 openSUSE Tumbleweed:glib2-tools-2.50.2-1.1 openSUSE Tumbleweed:glib2-tools-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgio-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgio-fam-2.50.2-1.1 openSUSE Tumbleweed:libgio-fam-32bit-2.50.2-1.1 openSUSE Tumbleweed:libglib-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgmodule-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgobject-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.50.2-1.1 openSUSE Tumbleweed:libgthread-2_0-0-2.50.2-1.1 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.50.2-1.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3524.html CVE-2012-3524 https://bugzilla.suse.com/697105 SUSE Bug 697105 https://bugzilla.suse.com/852781 SUSE Bug 852781 https://bugzilla.suse.com/912016 SUSE Bug 912016