Security update for glib2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4278-1 Final 1 1 2025-11-27T13:13:51Z current 2025-11-27T13:13:51Z 2025-11-27T13:13:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glib2 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4278,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4278 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254278-1/ Link for SUSE-SU-2025:4278-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023408.html E-Mail link for SUSE-SU-2025:4278-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1249055 SUSE Bug 1249055 https://www.suse.com/security/cve/CVE-2025-7039/ SUSE CVE CVE-2025-7039 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 gio-branding-upstream-2.48.2-12.49.1 glib2-devel-2.48.2-12.49.1 glib2-devel-32bit-2.48.2-12.49.1 glib2-devel-64bit-2.48.2-12.49.1 glib2-devel-static-2.48.2-12.49.1 glib2-lang-2.48.2-12.49.1 glib2-tools-2.48.2-12.49.1 glib2-tools-32bit-2.48.2-12.49.1 glib2-tools-64bit-2.48.2-12.49.1 libgio-2_0-0-2.48.2-12.49.1 libgio-2_0-0-32bit-2.48.2-12.49.1 libgio-2_0-0-64bit-2.48.2-12.49.1 libgio-fam-2.48.2-12.49.1 libgio-fam-32bit-2.48.2-12.49.1 libgio-fam-64bit-2.48.2-12.49.1 libglib-2_0-0-2.48.2-12.49.1 libglib-2_0-0-32bit-2.48.2-12.49.1 libglib-2_0-0-64bit-2.48.2-12.49.1 libgmodule-2_0-0-2.48.2-12.49.1 libgmodule-2_0-0-32bit-2.48.2-12.49.1 libgmodule-2_0-0-64bit-2.48.2-12.49.1 libgobject-2_0-0-2.48.2-12.49.1 libgobject-2_0-0-32bit-2.48.2-12.49.1 libgobject-2_0-0-64bit-2.48.2-12.49.1 libgthread-2_0-0-2.48.2-12.49.1 libgthread-2_0-0-32bit-2.48.2-12.49.1 libgthread-2_0-0-64bit-2.48.2-12.49.1 glib2-devel-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 glib2-devel-static-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 glib2-lang-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 glib2-tools-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgio-2_0-0-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgio-2_0-0-32bit-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libglib-2_0-0-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libglib-2_0-0-32bit-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgmodule-2_0-0-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgmodule-2_0-0-32bit-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgobject-2_0-0-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgobject-2_0-0-32bit-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgthread-2_0-0-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libgthread-2_0-0-32bit-2.48.2-12.49.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations. CVE-2025-7039 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:glib2-devel-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:glib2-devel-static-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:glib2-lang-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:glib2-tools-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgio-2_0-0-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgio-2_0-0-32bit-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libglib-2_0-0-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libglib-2_0-0-32bit-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgmodule-2_0-0-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgmodule-2_0-0-32bit-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgobject-2_0-0-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgobject-2_0-0-32bit-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgthread-2_0-0-2.48.2-12.49.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libgthread-2_0-0-32bit-2.48.2-12.49.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254278-1/ https://www.suse.com/security/cve/CVE-2025-7039.html CVE-2025-7039 https://bugzilla.suse.com/1249055 SUSE Bug 1249055