SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2780

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2780

Security update for glib2

Type: security

Severity: moderate

Issued: 2018-11-26

Description:

This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2018-16428: Do not do a NULL pointer dereference (crash).
  Avoid that, at the cost of introducing a new translatable error
  message (bsc#1107121).
- CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116).

Non-security issue fixed:

- various GVariant parsing issues have been resolved (bsc#1111499)

References

CVE: CVE-2018-16429
CVE: CVE-2018-16428
Bugzilla: 1111499 VUL-0: glib, glib2: GLib variant binary form and D-Bus message parsing problems
Bugzilla: 1107121 VUL-1: CVE-2018-16428: glib,glib2: g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference
Bugzilla: 1107116 VUL-1: CVE-2018-16429: glib,glib2: out-of-bounds read vulnerability ing_markup_parse_context_parse() in gmarkup.c, related to utf8_str()

Packages

glib2-2.54.3-4.7.1