gio-branding-upstream-2.86.3-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10111-1 Final 1 1 2026-01-29T00:00:00Z current 2026-01-29T00:00:00Z 2026-01-29T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gio-branding-upstream-2.86.3-3.1 on GA media These are all security issues fixed in the gio-branding-upstream-2.86.3-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10111 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2026-1484/ SUSE CVE CVE-2026-1484 page https://www.suse.com/security/cve/CVE-2026-1485/ SUSE CVE CVE-2026-1485 page https://www.suse.com/security/cve/CVE-2026-1489/ SUSE CVE CVE-2026-1489 page openSUSE Tumbleweed gio-branding-upstream-2.86.3-3.1 glib2-devel-2.86.3-3.1 glib2-devel-32bit-2.86.3-3.1 glib2-devel-static-2.86.3-3.1 glib2-lang-2.86.3-3.1 glib2-tests-devel-2.86.3-3.1 glib2-tools-2.86.3-3.1 glib2-tools-32bit-2.86.3-3.1 libgio-2_0-0-2.86.3-3.1 libgio-2_0-0-32bit-2.86.3-3.1 libgirepository-2_0-0-2.86.3-3.1 libglib-2_0-0-2.86.3-3.1 libglib-2_0-0-32bit-2.86.3-3.1 libgmodule-2_0-0-2.86.3-3.1 libgmodule-2_0-0-32bit-2.86.3-3.1 libgobject-2_0-0-2.86.3-3.1 libgobject-2_0-0-32bit-2.86.3-3.1 libgthread-2_0-0-2.86.3-3.1 libgthread-2_0-0-32bit-2.86.3-3.1 typelib-1_0-GIRepository-3_0-2.86.3-3.1 typelib-1_0-GLib-2_0-2.86.3-3.1 typelib-1_0-GLibUnix-2_0-2.86.3-3.1 typelib-1_0-GModule-2_0-2.86.3-3.1 typelib-1_0-GObject-2_0-2.86.3-3.1 typelib-1_0-Gio-2_0-2.86.3-3.1 gio-branding-upstream-2.86.3-3.1 as a component of openSUSE Tumbleweed glib2-devel-2.86.3-3.1 as a component of openSUSE Tumbleweed glib2-devel-32bit-2.86.3-3.1 as a component of openSUSE Tumbleweed glib2-devel-static-2.86.3-3.1 as a component of openSUSE Tumbleweed glib2-lang-2.86.3-3.1 as a component of openSUSE Tumbleweed glib2-tests-devel-2.86.3-3.1 as a component of openSUSE Tumbleweed glib2-tools-2.86.3-3.1 as a component of openSUSE Tumbleweed glib2-tools-32bit-2.86.3-3.1 as a component of openSUSE Tumbleweed libgio-2_0-0-2.86.3-3.1 as a component of openSUSE Tumbleweed libgio-2_0-0-32bit-2.86.3-3.1 as a component of openSUSE Tumbleweed libgirepository-2_0-0-2.86.3-3.1 as a component of openSUSE Tumbleweed libglib-2_0-0-2.86.3-3.1 as a component of openSUSE Tumbleweed libglib-2_0-0-32bit-2.86.3-3.1 as a component of openSUSE Tumbleweed libgmodule-2_0-0-2.86.3-3.1 as a component of openSUSE Tumbleweed libgmodule-2_0-0-32bit-2.86.3-3.1 as a component of openSUSE Tumbleweed libgobject-2_0-0-2.86.3-3.1 as a component of openSUSE Tumbleweed libgobject-2_0-0-32bit-2.86.3-3.1 as a component of openSUSE Tumbleweed libgthread-2_0-0-2.86.3-3.1 as a component of openSUSE Tumbleweed libgthread-2_0-0-32bit-2.86.3-3.1 as a component of openSUSE Tumbleweed typelib-1_0-GIRepository-3_0-2.86.3-3.1 as a component of openSUSE Tumbleweed typelib-1_0-GLib-2_0-2.86.3-3.1 as a component of openSUSE Tumbleweed typelib-1_0-GLibUnix-2_0-2.86.3-3.1 as a component of openSUSE Tumbleweed typelib-1_0-GModule-2_0-2.86.3-3.1 as a component of openSUSE Tumbleweed typelib-1_0-GObject-2_0-2.86.3-3.1 as a component of openSUSE Tumbleweed typelib-1_0-Gio-2_0-2.86.3-3.1 as a component of openSUSE Tumbleweed A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably. CVE-2026-1484 openSUSE Tumbleweed:gio-branding-upstream-2.86.3-3.1 openSUSE Tumbleweed:glib2-devel-2.86.3-3.1 openSUSE Tumbleweed:glib2-devel-32bit-2.86.3-3.1 openSUSE Tumbleweed:glib2-devel-static-2.86.3-3.1 openSUSE Tumbleweed:glib2-lang-2.86.3-3.1 openSUSE Tumbleweed:glib2-tests-devel-2.86.3-3.1 openSUSE Tumbleweed:glib2-tools-2.86.3-3.1 openSUSE Tumbleweed:glib2-tools-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgio-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgirepository-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libglib-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgmodule-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgobject-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgthread-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GIRepository-3_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GLib-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GLibUnix-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GModule-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GObject-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-Gio-2_0-2.86.3-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-1484.html CVE-2026-1484 https://bugzilla.suse.com/1257355 SUSE Bug 1257355 A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability. CVE-2026-1485 openSUSE Tumbleweed:gio-branding-upstream-2.86.3-3.1 openSUSE Tumbleweed:glib2-devel-2.86.3-3.1 openSUSE Tumbleweed:glib2-devel-32bit-2.86.3-3.1 openSUSE Tumbleweed:glib2-devel-static-2.86.3-3.1 openSUSE Tumbleweed:glib2-lang-2.86.3-3.1 openSUSE Tumbleweed:glib2-tests-devel-2.86.3-3.1 openSUSE Tumbleweed:glib2-tools-2.86.3-3.1 openSUSE Tumbleweed:glib2-tools-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgio-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgirepository-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libglib-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgmodule-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgobject-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgthread-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GIRepository-3_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GLib-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GLibUnix-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GModule-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GObject-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-Gio-2_0-2.86.3-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-1485.html CVE-2026-1485 https://bugzilla.suse.com/1257354 SUSE Bug 1257354 A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable. CVE-2026-1489 openSUSE Tumbleweed:gio-branding-upstream-2.86.3-3.1 openSUSE Tumbleweed:glib2-devel-2.86.3-3.1 openSUSE Tumbleweed:glib2-devel-32bit-2.86.3-3.1 openSUSE Tumbleweed:glib2-devel-static-2.86.3-3.1 openSUSE Tumbleweed:glib2-lang-2.86.3-3.1 openSUSE Tumbleweed:glib2-tests-devel-2.86.3-3.1 openSUSE Tumbleweed:glib2-tools-2.86.3-3.1 openSUSE Tumbleweed:glib2-tools-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgio-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgio-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgirepository-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libglib-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libglib-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgmodule-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgmodule-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgobject-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgobject-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:libgthread-2_0-0-2.86.3-3.1 openSUSE Tumbleweed:libgthread-2_0-0-32bit-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GIRepository-3_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GLib-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GLibUnix-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GModule-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-GObject-2_0-2.86.3-3.1 openSUSE Tumbleweed:typelib-1_0-Gio-2_0-2.86.3-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-1489.html CVE-2026-1489 https://bugzilla.suse.com/1257353 SUSE Bug 1257353