it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5682-1] glib2.0 security update
- Date: Tue, 07 May 2024 19:53:01 +0000
- List-archive: https://lists.debian.org/msgid-search/E1s4Qs1-002iKS-Gq AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=MfaYXnP9WJDQ10D8l+aAnoJM0Gv81Kz8EuQa9Bgc2Ro=; b=F1 YonZqMW0niZefH5LOtnnv2w/JwxjYpJ7bxxaxlFL1/psskdCUo7tG3PDJ9z6K5JgrHT/zbBwvMek7 Zf6fVLkhEq2y2LWmHhXoqzIluLjR5ttfE2adyB9DT9wDaSFNqrf66j/TvCarcp/45e1TkXUZdL2aJ 26XvlMb43cSh/UbJmX0W/O+g0s6BSb7Nr8wtaFDYRsp1VrZRwRThN9mmCGC126LFiQbaZN2LidFZM 0hy87OqFwkMCr8TgLe2PMJNyRQhCvECQeS8AlJcJYZe2v+huMzvnrLPEswh8CNvS5ZB5TF0J0f74C XkRVvmwN7ZS3i4YpX+W2WaMFWU3ay5zQ==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Tue, 7 May 2024 19:53:30 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <GASUSfjkzaM.A.H0H.6aoOmB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5682-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 07, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : glib2.0
CVE ID : CVE-2024-34397
Alicia Boya Garcia reported that the GDBus signal subscriptions in the
GLib library are prone to a spoofing vulnerability. A local attacker can
take advantage of this flaw to cause a GDBus-based client to behave
incorrectly, with an application-dependent impact.
gnome-shell is updated along with this update to avoid a screencast
regression after fixing CVE-2024-34397.
For the oldstable distribution (bullseye), this problem has been fixed
in version 2.66.8-1+deb11u2.
For the stable distribution (bookworm), this problem has been fixed in
version 2.74.6-2+deb12u1.
We recommend that you upgrade your glib2.0 packages.
For the detailed security status of glib2.0 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/glib2.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmY6hPhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SluA//YDiwiCjSmeQFXuFfSBga+BnPqAx5PHWjPbnjOyTefp6TH0xXiw0mQ2vF
5c99+cwy1kQkWffYJErX7XyLeoaOHxanXOUzyqhCLBH7iJFWIDiKDntYsd1BELDo
2H+9zOISltTowkcx9H0tq3HKM18SFHc/iiImc28wX6PdkosqGHGtTFF/qPOEDqi1
oqObyJV+F0RjGSiTE3qzF6zxmJHrn8oCvQ53L3VbspL+eohfCurkRMjLeg897Opo
A67Eh82ZhUouKIBNRNZ6UGVsJ55vKWsYdyvC2zi4e9dbUSumijcPr2kci4C3Rb1M
e63SYSL3xWA42z7LbtOdJZh0l7HcHZHDSw4UKhPw6jrCl+4ck5fQN9ezuGU5Rg8d
5oUjuDRIvH6G1vGELd6+P90hj/c+z23g3N41J05YWsLr1imoYuc/zHAHFlpt7NzI
dJRczbKl0SUcxQGnevDmgj5LNmqTQvH/Q9t+d8jy6E8n1OP2IweMn+Tiit4abEGN
9bKAc09/qUhKwGrnHFfi7S9lPF9rpQun+voVylacrQsf2ijs2sgWX0kyH81Govxv
s/QbTNUJUkXrQmAIahFQPzqEokdZd4phP1w25urjEx1ji7RklR9KtF6bBu6V1mhz
fZ1Md3uhUt+8Vktbqwzfj18lvEXYg808ClX7ZA+x5cgTOJJKf8o=
=uIf7
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5682-1] glib2.0 security update, Salvatore Bonaccorso, 07.05.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.