Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in GLib
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in GLib
ID: USN-4759-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10
Datum: Mo, 8. März 2021, 23:23
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27219
Applikationen: GLib

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6409401115912237265==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="KVH8o6jTnuNEkJQFbuvJQOwe6WSM4zPk4"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--KVH8o6jTnuNEkJQFbuvJQOwe6WSM4zPk4
Content-Type: multipart/mixed;
boundary="vhhpN8jcqkmwxw9m7KA8wcX7HM5FWeQBb";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <1ed05809-5597-4d49-f363-26b94a1499c0@canonical.com>
Subject: [USN-4759-1] GLib vulnerabilities

--vhhpN8jcqkmwxw9m7KA8wcX7HM5FWeQBb
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4759-1
March 08, 2021

glib2.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in GLib.

Software Description:
- glib2.0: GLib library of C routines

Details:

Krzesimir Nowak discovered that GLib incorrectly handled certain large
buffers. A remote attacker could use this issue to cause applications
linked to GLib to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-27218)

Kevin Backhouse discovered that GLib incorrectly handled certain memory
allocations. A remote attacker could use this issue to cause applications
linked to GLib to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-27219)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
libglib2.0-0 2.66.1-2ubuntu0.1

Ubuntu 20.04 LTS:
libglib2.0-0 2.64.6-1~ubuntu20.04.2

Ubuntu 18.04 LTS:
libglib2.0-0 2.56.4-0ubuntu0.18.04.7

Ubuntu 16.04 LTS:
libglib2.0-0 2.48.2-0ubuntu4.7

After a standard system update you need to restart your session to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4759-1
CVE-2021-27218, CVE-2021-27219

Package Information:
https://launchpad.net/ubuntu/+source/glib2.0/2.66.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/glib2.0/2.64.6-1~ubuntu20.04.2
https://launchpad.net/ubuntu/+source/glib2.0/2.56.4-0ubuntu0.18.04.7
https://launchpad.net/ubuntu/+source/glib2.0/2.48.2-0ubuntu4.7


--vhhpN8jcqkmwxw9m7KA8wcX7HM5FWeQBb--

--KVH8o6jTnuNEkJQFbuvJQOwe6WSM4zPk4
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmBGeNwACgkQZWnYVadE
vpM/IhAAl+yUUm0J8m2RaKie1YozRwt+9TbHETxBXcrXUZnvie1H42uxFldQthMh
KcBfiSFnX7ZKynbEvegaXyEryYMH27fQ2k+clJkaqJtBt0nYL8O4FeWFO+Ct72yw
UF1mpCyVZkI/pXzPaoVSCqhiYfiUnS/miyK69XBLJ3heIcTFYU/e44g+dF7isRlV
6UMfiOxWXsAk7X+Qog7Z1t/a/wnDOt4kBa9MjHdB4kYbvqe8m9B25DxxM9Bcdp7I
wwcs6naB4yo/PrOSVN8XunEBErDG3lJ+Jyhu4qYpb8wo5XkeknFTOX+Yk5sSkbDD
iTEnDVx+Sr9jzuj3ZiTqrJ2IjgWywTtoyPWem2YO2l9ZxR3VC+wFduUX1qfaDg1k
32TY7VhJunus5OIGvxwiDu140qPpT9YUSsu2N/VA8qZlHgAk85rwgirABvdEZYAJ
XEz0koQdd9pKaJp0DdJqvZrjdUWbiqibxbkYxeugPFiIsv6V1IbesNlv/hC0LTRR
8Jc0mxHCK7Q2wkX8sJUhVUGyXb9M7bcC955DOp1CNWuc5hv64tNl1s7Y/89M8Fnw
NLIDJbHgm0dAbmWYvI9/SuAfh7vohF299aTrJ6991H9eIGxst49B1j5GL/THOnie
wcCNDaNYJGi0/YvTA6PJiEC8hLR3ymswrQ3t04hFiwN+HC6c+Fk=
=izEP
-----END PGP SIGNATURE-----

--KVH8o6jTnuNEkJQFbuvJQOwe6WSM4zPk4--


--===============6409401115912237265==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============6409401115912237265==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung