Hello everyone,

Today, a critical 0day security vulnerability was discovered in glib2.
This vulnerability has to do with the g_bytes_new and g_memdup
functions, which are very commonly used in applications that use GLib.
The vulnerability is an integer overflow in the g_bytes_new function.

More information on this vulnerability can be found here:

https://gitlab.gnome.org/GNOME/glib/-/issues/2319
https://mail.gnome.org/archives/desktop-devel-list/2021-February/msg00000.html

As the maintainer mentions, this security vulnerability should be taken
as a "matter of urgency, since this is a zero-day". In addition, every
application that uses these functions from GLib is vulnerable. New
versions of various packages will probably be released over the next few
days to fix the issue from their side, but you should update to
GLib-2.66.6 as soon as possible in order to be protected from this
security vulnerability.

It should be safe to upgrade from 2.62.x and later to 2.66.6. The fixed
version, glib2-2.66.6, has been committed to SVN, and should be in the
book at the next render.

In addition to the update to glib2, an update to JasPer was performed
today that fixed 25 security vulnerabilities. It's suggested that you
update your system to JasPer-2.0.24 as soon as possible too, if you have
JasPer installed. The new version of JasPer will be in the next render
as well.

Thank you,

- Doug
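A sketch of the bug class named in the message above, added here as an illustration and not taken from the message or from GLib's source: a 64-bit length handed to a duplicator whose length parameter is only 32 bits wide (as g_memdup's guint byte_size is). The names blob, dup32, blob_new_unchecked and blob_new_checked are hypothetical, and the input buffer and length are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a duplicator with a 32-bit length parameter. */
static void *dup32(const void *mem, uint32_t n) {
    void *p = (mem && n) ? malloc(n) : NULL;
    if (p) memcpy(p, mem, n);
    return p;
}

typedef struct {
    void    *data;      /* heap copy of the caller's bytes */
    uint64_t size;      /* length the object reports to its users */
    uint64_t allocated; /* bytes really behind data (tracked for the demo) */
} blob;

/* Pattern at fault: the 64-bit size is narrowed at the call. An implicit
 * conversion does the same thing silently; the cast only makes it visible. */
int blob_new_unchecked(blob *b, const void *src, uint64_t size) {
    b->data = dup32(src, (uint32_t)size);  /* high 32 bits are dropped */
    b->allocated = (uint32_t)size;
    b->size = size;                        /* still the full 64-bit value */
    return b->data ? 0 : -1;
}

/* Defensive form: refuse any length the narrow parameter cannot hold. */
int blob_new_checked(blob *b, const void *src, uint64_t size) {
    if (size > UINT32_MAX) return -1;
    return blob_new_unchecked(b, src, size);
}

int main(void) {
    unsigned char src[16] = {0};                  /* constructed input */
    uint64_t claimed = ((uint64_t)1 << 32) + 16;  /* constructed length */
    blob b;
    if (blob_new_unchecked(&b, src, claimed) == 0) {
        printf("unchecked: reports %llu bytes, holds %llu\n",
               (unsigned long long)b.size, (unsigned long long)b.allocated);
        free(b.data);
    }
    printf("checked: returns %d\n", blob_new_checked(&b, src, claimed));
    return 0;
}
```

The mismatch between the reported size and the bytes actually allocated is what makes later reads or writes against the object unsafe; the checked variant shows the kind of guard a caller can apply in its own code.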