ALT-PU-2025-10191-3

Package glib2 updated to version 2.84.4-alt1 for branch sisyphus in task 391979.

Уязвимость набора библиотек GLib, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.7)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: LOW (2.6)Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

References:

CVE-2025-6052

Уязвимость набора библиотек GLib, связанная с неверным ограничением имени пути к каталогу, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: LOW (3.7)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: LOW (2.6)Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

References:

CVE-2025-7039

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.

Severity: LOW (3.7)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Version: 2.1.2

Package glib2 update in sisyphus on 2025-08-08

ALT-PU-2025-10191-3

Closed vulnerabilities

BDU:2025-12471

BDU:2026-05134

CVE-2025-6052

CVE-2025-7039