[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 5682-1] glib2.0 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5682-1                   [email protected]
https://www.debian.org/security/                     Salvatore Bonaccorso
May 07, 2024                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : glib2.0
CVE ID         : CVE-2024-34397

Alicia Boya Garcia reported that the GDBus signal subscriptions in the
GLib library are prone to a spoofing vulnerability. A local attacker can
take advantage of this flaw to cause a GDBus-based client to behave
incorrectly, with an application-dependent impact.

gnome-shell is updated along with this update to avoid a screencast
regression after fixing CVE-2024-34397.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.66.8-1+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 2.74.6-2+deb12u1.

We recommend that you upgrade your glib2.0 packages.

For the detailed security status of glib2.0 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/glib2.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmY6hPhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SluA//YDiwiCjSmeQFXuFfSBga+BnPqAx5PHWjPbnjOyTefp6TH0xXiw0mQ2vF
5c99+cwy1kQkWffYJErX7XyLeoaOHxanXOUzyqhCLBH7iJFWIDiKDntYsd1BELDo
2H+9zOISltTowkcx9H0tq3HKM18SFHc/iiImc28wX6PdkosqGHGtTFF/qPOEDqi1
oqObyJV+F0RjGSiTE3qzF6zxmJHrn8oCvQ53L3VbspL+eohfCurkRMjLeg897Opo
A67Eh82ZhUouKIBNRNZ6UGVsJ55vKWsYdyvC2zi4e9dbUSumijcPr2kci4C3Rb1M
e63SYSL3xWA42z7LbtOdJZh0l7HcHZHDSw4UKhPw6jrCl+4ck5fQN9ezuGU5Rg8d
5oUjuDRIvH6G1vGELd6+P90hj/c+z23g3N41J05YWsLr1imoYuc/zHAHFlpt7NzI
dJRczbKl0SUcxQGnevDmgj5LNmqTQvH/Q9t+d8jy6E8n1OP2IweMn+Tiit4abEGN
9bKAc09/qUhKwGrnHFfi7S9lPF9rpQun+voVylacrQsf2ijs2sgWX0kyH81Govxv
s/QbTNUJUkXrQmAIahFQPzqEokdZd4phP1w25urjEx1ji7RklR9KtF6bBu6V1mhz
fZ1Md3uhUt+8Vktbqwzfj18lvEXYg808ClX7ZA+x5cgTOJJKf8o=
=uIf7
-----END PGP SIGNATURE-----


Reply to: