ELA-140-1 glib2.0 security update

insecure permissions

2019-07-05
Package glib2.0
Version 2.33.12+really2.32.4-5+deb7u2
Related CVEs CVE-2018-16428 CVE-2018-16429 CVE-2019-13012


Several flaws were corrected in glib2.0, a general-purpose C library.

CVE-2018-16428

A NULL pointer dereference may lead to a denial-of-service (application
crash) when parsing a document.

CVE-2018-16429

While parsing an invalid string, an out-of-bounds read may occur, which can
lead to an access violation error or may have other unspecified impact.

CVE-2019-13012

The keyfile settings backend in GNOME GLib creates directories and files
with insecure permissions. This is similar to CVE-2019-12450.


For Debian 7 Wheezy, these problems have been fixed in version 2.33.12+really2.32.4-5+deb7u2.

We recommend that you upgrade your glib2.0 packages.
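
A permission audit for the condition described under CVE-2019-13012, added here as an example; it is not part of the advisory or of GLib. It assumes the keyfile store sits at upstream GLib's default path, `$XDG_CONFIG_HOME/glib-2.0/settings/keyfile` (pass another path if the application configures its own), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): report group/other-accessible modes
# on a GLib keyfile settings store, the condition behind CVE-2019-13012.

# Assumed default location of the keyfile; an application may use another.
default_keyfile() {
    printf '%s\n' "${XDG_CONFIG_HOME:-$HOME/.config}/glib-2.0/settings/keyfile"
}

# Succeeds when the "ls -ld" mode string of $1 grants nothing to group
# or others (positions 5-10 of the mode string are all dashes).
is_private() {
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;   # e.g. drwx------ or -rw-------
        *)           return 1 ;;
    esac
}

# Audit the keyfile ($1, or the assumed default) and the directory holding it.
# Prints one "ls -ld" line per finding; returns 1 if anything was found.
audit_keyfile_store() {
    keyfile=${1:-$(default_keyfile)}
    rc=0
    for path in "$(dirname "$keyfile")" "$keyfile"; do
        [ -e "$path" ] || continue      # nothing stored there yet
        if ! is_private "$path"; then
            ls -ld "$path"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: audit_keyfile_store || echo "group/other access found"
```

Anything it reports can be tightened with `chmod go-rwx` on the listed path.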

Further information about Extended LTS security advisories can be found in the dedicated section of our website.