ELA-679-1 glib2.0 security update

information disclosure

2022-09-15
Packageglib2.0
Version2.42.1-1+deb8u5 (jessie), 2.50.3-2+deb9u4 (stretch)
Related CVEs CVE-2021-3800

It was found that GLib, a general-purpose portable utility library, could be used to print partial contents from arbitrary files. This could be exploited from setuid binaries linking to GLib for information disclosure of files with a specific format.

For Debian 8 jessie, these problems have been fixed in version 2.42.1-1+deb8u5.

For Debian 9 stretch, these problems have been fixed in version 2.50.3-2+deb9u4.

We recommend that you upgrade your glib2.0 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/