Advisories » MGASA-2024-0311

Updated glib2.0 packages fix security vulnerability

Publication date: 25 Sep 2024
Modification date: 25 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34397

Description

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and
2.80.x before 2.80.1. When a GDBus-based client subscribes to signals
from a trusted system service such as NetworkManager on a shared
computer, other users of the same computer can send spoofed D-Bus
signals that the GDBus-based client will wrongly interpret as having
been sent by the trusted system service. This could lead to the
GDBus-based client behaving incorrectly, with an application-dependent
impact. (CVE-2024-34397)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33198
• https://www.openwall.com/lists/oss-security/2024/05/07/5
• https://ubuntu.com/security/notices/USN-6768-1
• https://lwn.net/Articles/975988/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34397

SRPMS

9/core

• glib2.0-2.76.3-1.2.mga9