gio-branding-upstream-2.68.4-2.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10791 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gio-branding-upstream-2.68.4-2.2 on GA media These are all security issues fixed in the gio-branding-upstream-2.68.4-2.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10791 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10791 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-2371/ SUSE CVE CVE-2008-2371 page https://www.suse.com/security/cve/CVE-2018-16428/ SUSE CVE CVE-2018-16428 page https://www.suse.com/security/cve/CVE-2018-16429/ SUSE CVE CVE-2018-16429 page https://www.suse.com/security/cve/CVE-2019-12450/ SUSE CVE CVE-2019-12450 page https://www.suse.com/security/cve/CVE-2020-6750/ SUSE CVE CVE-2020-6750 page https://www.suse.com/security/cve/CVE-2021-27218/ SUSE CVE CVE-2021-27218 page https://www.suse.com/security/cve/CVE-2021-27219/ SUSE CVE CVE-2021-27219 page openSUSE Tumbleweed gio-branding-upstream-2.68.4-2.2 glib2-devel-2.68.4-2.2 glib2-devel-32bit-2.68.4-2.2 glib2-devel-static-2.68.4-2.2 glib2-lang-2.68.4-2.2 glib2-tests-devel-2.68.4-2.2 glib2-tools-2.68.4-2.2 glib2-tools-32bit-2.68.4-2.2 libgio-2_0-0-2.68.4-2.2 libgio-2_0-0-32bit-2.68.4-2.2 libgio-fam-2.68.4-2.2 libgio-fam-32bit-2.68.4-2.2 libglib-2_0-0-2.68.4-2.2 libglib-2_0-0-32bit-2.68.4-2.2 libgmodule-2_0-0-2.68.4-2.2 libgmodule-2_0-0-32bit-2.68.4-2.2 libgobject-2_0-0-2.68.4-2.2 libgobject-2_0-0-32bit-2.68.4-2.2 libgthread-2_0-0-2.68.4-2.2 libgthread-2_0-0-32bit-2.68.4-2.2 gio-branding-upstream-2.68.4-2.2 as a component of openSUSE Tumbleweed glib2-devel-2.68.4-2.2 as a component of openSUSE Tumbleweed glib2-devel-32bit-2.68.4-2.2 as a component of openSUSE Tumbleweed glib2-devel-static-2.68.4-2.2 as a component of openSUSE Tumbleweed glib2-lang-2.68.4-2.2 as a component of openSUSE Tumbleweed glib2-tests-devel-2.68.4-2.2 as a component of openSUSE Tumbleweed glib2-tools-2.68.4-2.2 as a component of openSUSE Tumbleweed glib2-tools-32bit-2.68.4-2.2 as a component of openSUSE Tumbleweed libgio-2_0-0-2.68.4-2.2 as a component of openSUSE Tumbleweed libgio-2_0-0-32bit-2.68.4-2.2 as a component of openSUSE Tumbleweed libgio-fam-2.68.4-2.2 as a component of openSUSE Tumbleweed libgio-fam-32bit-2.68.4-2.2 as a component of openSUSE Tumbleweed libglib-2_0-0-2.68.4-2.2 as a component of openSUSE Tumbleweed libglib-2_0-0-32bit-2.68.4-2.2 as a component of openSUSE Tumbleweed libgmodule-2_0-0-2.68.4-2.2 as a component of openSUSE Tumbleweed libgmodule-2_0-0-32bit-2.68.4-2.2 as a component of openSUSE Tumbleweed libgobject-2_0-0-2.68.4-2.2 as a component of openSUSE Tumbleweed libgobject-2_0-0-32bit-2.68.4-2.2 as a component of openSUSE Tumbleweed libgthread-2_0-0-2.68.4-2.2 as a component of openSUSE Tumbleweed libgthread-2_0-0-32bit-2.68.4-2.2 as a component of openSUSE Tumbleweed Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. CVE-2008-2371 openSUSE Tumbleweed:gio-branding-upstream-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-32bit-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-static-2.68.4-2.2 openSUSE Tumbleweed:glib2-lang-2.68.4-2.2 openSUSE Tumbleweed:glib2-tests-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-32bit-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.68.4-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-2371.html CVE-2008-2371 https://bugzilla.suse.com/400013 SUSE Bug 400013 https://bugzilla.suse.com/992991 SUSE Bug 992991 In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. CVE-2018-16428 openSUSE Tumbleweed:gio-branding-upstream-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-32bit-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-static-2.68.4-2.2 openSUSE Tumbleweed:glib2-lang-2.68.4-2.2 openSUSE Tumbleweed:glib2-tests-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-32bit-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.68.4-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16428.html CVE-2018-16428 https://bugzilla.suse.com/1107121 SUSE Bug 1107121 GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). CVE-2018-16429 openSUSE Tumbleweed:gio-branding-upstream-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-32bit-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-static-2.68.4-2.2 openSUSE Tumbleweed:glib2-lang-2.68.4-2.2 openSUSE Tumbleweed:glib2-tests-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-32bit-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.68.4-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16429.html CVE-2018-16429 https://bugzilla.suse.com/1107116 SUSE Bug 1107116 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVE-2019-12450 openSUSE Tumbleweed:gio-branding-upstream-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-32bit-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-static-2.68.4-2.2 openSUSE Tumbleweed:glib2-lang-2.68.4-2.2 openSUSE Tumbleweed:glib2-tests-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-32bit-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.68.4-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12450.html CVE-2019-12450 https://bugzilla.suse.com/1137001 SUSE Bug 1137001 https://bugzilla.suse.com/1139959 SUSE Bug 1139959 https://bugzilla.suse.com/1142126 SUSE Bug 1142126 GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. CVE-2020-6750 openSUSE Tumbleweed:gio-branding-upstream-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-32bit-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-static-2.68.4-2.2 openSUSE Tumbleweed:glib2-lang-2.68.4-2.2 openSUSE Tumbleweed:glib2-tests-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-32bit-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.68.4-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6750.html CVE-2020-6750 https://bugzilla.suse.com/1160668 SUSE Bug 1160668 An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. CVE-2021-27218 openSUSE Tumbleweed:gio-branding-upstream-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-32bit-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-static-2.68.4-2.2 openSUSE Tumbleweed:glib2-lang-2.68.4-2.2 openSUSE Tumbleweed:glib2-tests-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-32bit-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.68.4-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-27218.html CVE-2021-27218 https://bugzilla.suse.com/1182328 SUSE Bug 1182328 https://bugzilla.suse.com/1182362 SUSE Bug 1182362 An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. CVE-2021-27219 openSUSE Tumbleweed:gio-branding-upstream-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-32bit-2.68.4-2.2 openSUSE Tumbleweed:glib2-devel-static-2.68.4-2.2 openSUSE Tumbleweed:glib2-lang-2.68.4-2.2 openSUSE Tumbleweed:glib2-tests-devel-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-2.68.4-2.2 openSUSE Tumbleweed:glib2-tools-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-2.68.4-2.2 openSUSE Tumbleweed:libgio-fam-32bit-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-2.68.4-2.2 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.68.4-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-27219.html CVE-2021-27219 https://bugzilla.suse.com/1182362 SUSE Bug 1182362 https://bugzilla.suse.com/1194015 SUSE Bug 1194015