Advisories » MGASA-2018-0405

Updated glib2.0 packages fix security vulnerabilities

Publication date: 19 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-16428 , CVE-2018-16429

Description

The updated glib2.0 packages fix security vulnerabilities:

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c
has a NULL pointer dereference (CVE-2018-16428).

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in
g_markup_parse_context_parse() in gmarkup.c, related to utf8_str()
(CVE-2018-16429).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23665
• https://usn.ubuntu.com/3767-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429

SRPMS

6/core

• glib2.0-2.54.3-1.2.mga6