glib vulnerable to CVE-2021-28153
From: Léo Le Bouter
Subject: glib vulnerable to CVE-2021-28153
Date: Fri, 12 Mar 2021 01:13:56 +0100
User-agent: Evolution 3.34.2
Hello!
CVE-2021-28153 11.03.21 23:15
An issue was discovered in GNOME GLib before 2.66.8. When
g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to
replace a path that is a dangling symlink, it incorrectly also creates
the target of the symlink as an empty file, which could conceivably
have security relevance if the symlink is attacker-controlled. (If the
path is a symlink to a file that already exists, then the contents of
that file correctly remain unchanged.)
Another CVE just out,
See: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
We need to backport another patch again it seems?
Thank you,
Léo
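
The behaviour the CVE text describes, shown with plain POSIX calls as an added example (not code from this message or from GLib): a replace that opens the path follows a dangling symlink and creates its target, while writing a temporary file and renaming it over the path replaces the link itself. The function names and the scratch paths under /tmp are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace by opening the path: open() follows symlinks, so with a dangling
 * link O_CREAT creates the link's target. */
static int replace_following(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Replace the destination itself: write a temp file beside it, then rename()
 * over the path. rename() replaces the symlink and never follows it. */
static int replace_destination(const char *path, const char *data) {
    char tmp[128];
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp) return -1;
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    if (close(fd) != 0 || n < 0 || rename(tmp, path) != 0) { unlink(tmp); return -1; }
    return 0;
}

/* Builds a constructed scratch dir holding dest -> target (target missing),
 * runs one strategy, and returns 1 if the target now exists, 0 if not,
 * -1 on error. */
int target_created_after_replace(int use_rename) {
    char dir[] = "/tmp/dangling-XXXXXX", link[64], target[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(link, sizeof link, "%s/dest", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, link) != 0) { rmdir(dir); return -1; }
    int rc = use_rename ? replace_destination(link, "new\n")
                        : replace_following(link, "new\n");
    int created = (rc == 0) ? (lstat(target, &st) == 0) : -1;
    unlink(link); unlink(target); rmdir(dir);
    return created;
}

int main(void) {
    printf("open on path:  target created = %d\n", target_created_after_replace(0));
    printf("temp + rename: target created = %d\n", target_created_after_replace(1));
    return 0;
}
```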