[USN-7114-1] GLib vulnerability

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Nov 18 18:43:44 UTC 2024 

==========================================================================
Ubuntu Security Notice USN-7114-1
November 18, 2024

glib2.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

GLib could be made to crash or other undefined behavior
if it received a specially crafted input.

Software Description:
- glib2.0: GLib library of C routines

Details:

It was discovered that Glib incorrectly handled certain trailing
characters. An attacker could possibly use this issue to cause
a crash or other undefined behavior.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libglib2.0-0t64                 2.80.0-6ubuntu3.2
  libglib2.0-bin                  2.80.0-6ubuntu3.2

Ubuntu 22.04 LTS
  libglib2.0-0                    2.72.4-0ubuntu2.4
  libglib2.0-bin                  2.72.4-0ubuntu2.4

Ubuntu 20.04 LTS
  libglib2.0-0                    2.64.6-1~ubuntu20.04.8
  libglib2.0-bin                  2.64.6-1~ubuntu20.04.8

Ubuntu 18.04 LTS
  libglib2.0-0                    2.56.4-0ubuntu0.18.04.9+esm4
                                  Available with Ubuntu Pro
  libglib2.0-bin                  2.56.4-0ubuntu0.18.04.9+esm4
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libglib2.0-0                    2.48.2-0ubuntu4.8+esm4
                                  Available with Ubuntu Pro
  libglib2.0-bin                  2.48.2-0ubuntu4.8+esm4
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7114-1
  CVE-2024-52533

Package Information:
  https://launchpad.net/ubuntu/+source/glib2.0/2.80.0-6ubuntu3.2
  https://launchpad.net/ubuntu/+source/glib2.0/2.72.4-0ubuntu2.4
  https://launchpad.net/ubuntu/+source/glib2.0/2.64.6-1~ubuntu20.04.8

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20241118/45854555/attachment.sig>

More information about the ubuntu-security-announce mailing list