All errata/sisyphus/ALT-PU-2020-1480-2
ALT-PU-2020-1480-2

Package update glib2 in branch sisyphus

Version2.64.1-alt1
Task#247780
Published2026-02-04
Max severityMEDIUM
Severity:

Closed issues (3)

BDU:2024-07303
MEDIUM5.5

Уязвимость набора библиотек GLib, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2024-09-23Modified: 2026-01-20
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
References
CVE-2020-6750
MEDIUM5.9

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.

Published: 2020-01-09Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References
CVE-2021-3800
MEDIUM5.5

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

Published: 2022-08-23Modified: 2024-11-21
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References