ALT-PU-2021-1517-1

Package update glib2 in branch sisyphus

Version2.66.8-alt1

Published2021-03-19

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM5.3

Уязвимость функции g_file_replace() библиотеки Glib, связанная с возможностью работы под учетной записью операционной системы без полномочий root, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2022-01-20Modified: 2023-11-13

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2021-28153

MEDIUM5.3

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

Published: 2021-03-11Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References