ALT-PU-2021-1517-1
Closed vulnerabilities
Published: 2021-03-11
BDU:2022-00320
A vulnerability in the g_file_replace() function of the GLib library, related to the ability to operate under an operating system account without root privileges, which allows an attacker to affect data integrity
Severity: MEDIUM (5.3)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Published: 2021-03-12
Modified: 2024-11-21
CVE-2021-28153
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
- https://gitlab.gnome.org/GNOME/glib/-/issues/2325
- [debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update
- FEDORA-2021-a1f51fc418
- FEDORA-2021-5c81cb03d0
- GLSA-202107-13
- https://security.netapp.com/advisory/ntap-20210416-0003/