Security update for glib2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4005-1 Final 1 1 2018-12-06T14:33:00Z current 2018-12-06T14:33:00Z 2018-12-06T14:33:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glib2 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00005.html E-Mail link for openSUSE-SU-2018:4005-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 gio-branding-upstream-2.54.3-lp150.3.3.1 glib2-2.54.3-lp150.3.3.1 glib2-devel-2.54.3-lp150.3.3.1 glib2-devel-32bit-2.54.3-lp150.3.3.1 glib2-devel-static-2.54.3-lp150.3.3.1 glib2-lang-2.54.3-lp150.3.3.1 glib2-tools-2.54.3-lp150.3.3.1 glib2-tools-32bit-2.54.3-lp150.3.3.1 libgio-2_0-0-2.54.3-lp150.3.3.1 libgio-2_0-0-32bit-2.54.3-lp150.3.3.1 libgio-fam-2.54.3-lp150.3.3.1 libgio-fam-32bit-2.54.3-lp150.3.3.1 libglib-2_0-0-2.54.3-lp150.3.3.1 libglib-2_0-0-32bit-2.54.3-lp150.3.3.1 libgmodule-2_0-0-2.54.3-lp150.3.3.1 libgmodule-2_0-0-32bit-2.54.3-lp150.3.3.1 libgobject-2_0-0-2.54.3-lp150.3.3.1 libgobject-2_0-0-32bit-2.54.3-lp150.3.3.1 libgthread-2_0-0-2.54.3-lp150.3.3.1 libgthread-2_0-0-32bit-2.54.3-lp150.3.3.1 gio-branding-upstream-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 glib2-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 glib2-devel-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 glib2-devel-32bit-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 glib2-devel-static-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 glib2-lang-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 glib2-tools-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 glib2-tools-32bit-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgio-2_0-0-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgio-2_0-0-32bit-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgio-fam-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgio-fam-32bit-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libglib-2_0-0-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libglib-2_0-0-32bit-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgmodule-2_0-0-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgmodule-2_0-0-32bit-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgobject-2_0-0-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgobject-2_0-0-32bit-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgthread-2_0-0-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgthread-2_0-0-32bit-2.54.3-lp150.3.3.1 as a component of openSUSE Leap 15.0 In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. CVE-2018-16428 openSUSE Leap 15.0:gio-branding-upstream-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-devel-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-devel-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-devel-static-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-lang-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-tools-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-tools-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgio-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgio-2_0-0-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgio-fam-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgio-fam-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libglib-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libglib-2_0-0-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgmodule-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgmodule-2_0-0-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgobject-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgobject-2_0-0-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgthread-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgthread-2_0-0-32bit-2.54.3-lp150.3.3.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00005.html https://www.suse.com/security/cve/CVE-2018-16428.html CVE-2018-16428 https://bugzilla.suse.com/1107121 SUSE Bug 1107121 GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). CVE-2018-16429 openSUSE Leap 15.0:gio-branding-upstream-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-devel-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-devel-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-devel-static-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-lang-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-tools-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:glib2-tools-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgio-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgio-2_0-0-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgio-fam-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgio-fam-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libglib-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libglib-2_0-0-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgmodule-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgmodule-2_0-0-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgobject-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgobject-2_0-0-32bit-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgthread-2_0-0-2.54.3-lp150.3.3.1 openSUSE Leap 15.0:libgthread-2_0-0-32bit-2.54.3-lp150.3.3.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00005.html https://www.suse.com/security/cve/CVE-2018-16429.html CVE-2018-16429 https://bugzilla.suse.com/1107116 SUSE Bug 1107116