guix-devel

glib vulnerable to CVE-2021-28153


From: Léo Le Bouter
Subject: glib vulnerable to CVE-2021-28153
Date: Fri, 12 Mar 2021 01:13:56 +0100
User-agent: Evolution 3.34.2

Hello!

CVE-2021-28153  11.03.21 23:15
An issue was discovered in GNOME GLib before 2.66.8. When
g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to
replace a path that is a dangling symlink, it incorrectly also creates
the target of the symlink as an empty file, which could conceivably
have security relevance if the symlink is attacker-controlled. (If the
path is a symlink to a file that already exists, then the contents of
that file correctly remain unchanged.)

Another CVE just out,

See: https://gitlab.gnome.org/GNOME/glib/-/issues/2325

We need to backport another patch again it seems?

Thank you,
Léo

Attachment: signature.asc
Description: This is a digitally signed message part
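
The effect described in the CVE text above (a dangling symlink's target appearing as an empty file) can be shown at the POSIX level. This is an added example, not part of the original message and not GLib's code; it assumes Linux/POSIX open() semantics, and the function names and temporary paths are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for writing, creating it if needed.
 * With nofollow set, a symlink at `path` is rejected (open fails with
 * ELOOP) instead of being followed to its target. */
static int open_for_replace(const char *path, int nofollow)
{
    int flags = O_WRONLY | O_CREAT | (nofollow ? O_NOFOLLOW : 0);
    return open(path, flags, 0600);
}

/* Constructed scenario: create a dangling symlink in a fresh private
 * temp directory, open it as above, and report whether the symlink's
 * target now exists. Returns 1 if created, 0 if not, -1 on setup error. */
int dangling_target_created(int nofollow)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char link_path[256], target[256];
    struct stat st;
    int fd, created;

    if (!mkdtemp(dir)) return -1;
    snprintf(link_path, sizeof link_path, "%s/config", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, link_path) != 0) return -1;  /* target is absent */

    fd = open_for_replace(link_path, nofollow);
    if (fd >= 0) close(fd);
    created = (stat(target, &st) == 0);

    unlink(target);      /* clean up; fails harmlessly if never created */
    unlink(link_path);
    rmdir(dir);
    return created;
}

int main(void)
{
    printf("plain O_CREAT: target created = %d\n", dangling_target_created(0));
    printf("O_NOFOLLOW:    target created = %d\n", dangling_target_created(1));
    return 0;
}
```

Writing a temporary file and rename()-ing it over the destination also leaves the symlink's target untouched, because rename() replaces the link itself.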

