Security update for glib2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0355-1 Final 1 1 2026-01-31T02:04:37Z current 2026-01-31T02:04:37Z 2026-01-31T02:04:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glib2 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2026-355,Container suse/sle-micro/5.2/toolbox:latest-2026-355,SUSE-2026-355,SUSE-SUSE-MicroOS-5.2-2026-355 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260355-1/ Link for SUSE-SU-2026:0355-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024001.html E-Mail link for SUSE-SU-2026:0355-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1257353 SUSE Bug 1257353 https://bugzilla.suse.com/1257354 SUSE Bug 1257354 https://bugzilla.suse.com/1257355 SUSE Bug 1257355 https://www.suse.com/security/cve/CVE-2026-1484/ SUSE CVE CVE-2026-1484 page https://www.suse.com/security/cve/CVE-2026-1485/ SUSE CVE CVE-2026-1485 page https://www.suse.com/security/cve/CVE-2026-1489/ SUSE CVE CVE-2026-1489 page Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro/5.2/toolbox:latest SUSE Linux Enterprise Micro 5.2 libglib-2_0-0-2.62.6-150200.3.42.1 libgmodule-2_0-0-2.62.6-150200.3.42.1 libgobject-2_0-0-2.62.6-150200.3.42.1 gio-branding-upstream-2.62.6-150200.3.42.1 glib2-devel-2.62.6-150200.3.42.1 glib2-devel-32bit-2.62.6-150200.3.42.1 glib2-devel-64bit-2.62.6-150200.3.42.1 glib2-devel-static-2.62.6-150200.3.42.1 glib2-lang-2.62.6-150200.3.42.1 glib2-tests-2.62.6-150200.3.42.1 glib2-tools-2.62.6-150200.3.42.1 glib2-tools-32bit-2.62.6-150200.3.42.1 glib2-tools-64bit-2.62.6-150200.3.42.1 libgio-2_0-0-2.62.6-150200.3.42.1 libgio-2_0-0-32bit-2.62.6-150200.3.42.1 libgio-2_0-0-64bit-2.62.6-150200.3.42.1 libgio-fam-2.62.6-150200.3.42.1 libgio-fam-32bit-2.62.6-150200.3.42.1 libgio-fam-64bit-2.62.6-150200.3.42.1 libglib-2_0-0-32bit-2.62.6-150200.3.42.1 libglib-2_0-0-64bit-2.62.6-150200.3.42.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.42.1 libgmodule-2_0-0-64bit-2.62.6-150200.3.42.1 libgobject-2_0-0-32bit-2.62.6-150200.3.42.1 libgobject-2_0-0-64bit-2.62.6-150200.3.42.1 libgthread-2_0-0-2.62.6-150200.3.42.1 libgthread-2_0-0-32bit-2.62.6-150200.3.42.1 libgthread-2_0-0-64bit-2.62.6-150200.3.42.1 libglib-2_0-0-2.62.6-150200.3.42.1 as a component of Container suse/sle-micro-rancher/5.2:latest libgmodule-2_0-0-2.62.6-150200.3.42.1 as a component of Container suse/sle-micro-rancher/5.2:latest libgobject-2_0-0-2.62.6-150200.3.42.1 as a component of Container suse/sle-micro-rancher/5.2:latest libglib-2_0-0-2.62.6-150200.3.42.1 as a component of Container suse/sle-micro/5.2/toolbox:latest libgmodule-2_0-0-2.62.6-150200.3.42.1 as a component of Container suse/sle-micro/5.2/toolbox:latest glib2-tools-2.62.6-150200.3.42.1 as a component of SUSE Linux Enterprise Micro 5.2 libgio-2_0-0-2.62.6-150200.3.42.1 as a component of SUSE Linux Enterprise Micro 5.2 libglib-2_0-0-2.62.6-150200.3.42.1 as a component of SUSE Linux Enterprise Micro 5.2 libgmodule-2_0-0-2.62.6-150200.3.42.1 as a component of SUSE Linux Enterprise Micro 5.2 libgobject-2_0-0-2.62.6-150200.3.42.1 as a component of SUSE Linux Enterprise Micro 5.2 A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably. CVE-2026-1484 Container suse/sle-micro-rancher/5.2:latest:libglib-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro-rancher/5.2:latest:libgmodule-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro-rancher/5.2:latest:libgobject-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro/5.2/toolbox:latest:libglib-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro/5.2/toolbox:latest:libgmodule-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:glib2-tools-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libgio-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libglib-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libgmodule-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libgobject-2_0-0-2.62.6-150200.3.42.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260355-1/ https://www.suse.com/security/cve/CVE-2026-1484.html CVE-2026-1484 https://bugzilla.suse.com/1257355 SUSE Bug 1257355 A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability. CVE-2026-1485 Container suse/sle-micro-rancher/5.2:latest:libglib-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro-rancher/5.2:latest:libgmodule-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro-rancher/5.2:latest:libgobject-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro/5.2/toolbox:latest:libglib-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro/5.2/toolbox:latest:libgmodule-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:glib2-tools-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libgio-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libglib-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libgmodule-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libgobject-2_0-0-2.62.6-150200.3.42.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260355-1/ https://www.suse.com/security/cve/CVE-2026-1485.html CVE-2026-1485 https://bugzilla.suse.com/1257354 SUSE Bug 1257354 A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable. CVE-2026-1489 Container suse/sle-micro-rancher/5.2:latest:libglib-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro-rancher/5.2:latest:libgmodule-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro-rancher/5.2:latest:libgobject-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro/5.2/toolbox:latest:libglib-2_0-0-2.62.6-150200.3.42.1 Container suse/sle-micro/5.2/toolbox:latest:libgmodule-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:glib2-tools-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libgio-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libglib-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libgmodule-2_0-0-2.62.6-150200.3.42.1 SUSE Linux Enterprise Micro 5.2:libgobject-2_0-0-2.62.6-150200.3.42.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260355-1/ https://www.suse.com/security/cve/CVE-2026-1489.html CVE-2026-1489 https://bugzilla.suse.com/1257353 SUSE Bug 1257353