--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-c9848cf37f
2021-02-08 01:29:15.825073
--------------------------------------------------------------------------------
Name : glib2
Product : Fedora 33
Version : 2.66.6
Release : 1.fc33
URL : http://www.gtk.org
Summary : A library of handy utility functions
Description :
GLib is the low-level core library that forms the basis for projects
such as GTK+ and GNOME. It provides data structure handling for C,
portability wrappers, and interfaces for such runtime functionality
as an event loop, threads, dynamic loading, and an object system.
--------------------------------------------------------------------------------
Update Information:
* Fix various instances within GLib where `g_memdup()` was vulnerable to a
  silent integer truncation and heap overflow problem (discovered by Kevin
  Backhouse, work by Philip Withnall) (#2319)
* Fix some issues with handling over-long (invalid) input when parsing for
  `GDate` (!1824)
* Don't load GIO modules or parse other GIO environment variables when
  `AT_SECURE` is set (i.e. in a setuid/setgid/setcap process). GIO has always
  been documented as not being safe to use in privileged processes, but people
  persist in using it unsafely, so these changes should harden things against
  potential attacks at least a little. Unfortunately they break a couple of
  projects which were relying on reading `DBUS_SESSION_BUS_ADDRESS`, so GIO
  continues to read that for setgid/setcap (but not setuid) processes. This
  loophole will be closed in GLib 2.70 (see issue #2316), which should give
  modules 6 months to change their behaviour. (Work by Simon McVittie and
  Philip Withnall) (#2168, #2305)
* Fix `g_spawn()` searching `PATH` when it wasn't meant to (work by Simon
  McVittie and Thomas Haller) (!1913)
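
The silent truncation named in the first item, shown as an added example that
is not GLib code and not part of the original notice. It assumes a 32-bit
unsigned int; dup_narrow, unguarded_alloc_size and guarded_dup are hypothetical
names standing in for a duplication routine whose length parameter is narrower
than the caller's length, and for an unchecked and a checked call site.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in with the legacy shape: the length is an unsigned int.
 * Copies byte_size bytes and reports the allocation size through *got. */
static void *dup_narrow(const void *mem, unsigned int byte_size, size_t *got)
{
    void *copy = NULL;

    *got = 0;
    if (mem == NULL || byte_size == 0)
        return NULL;
    copy = malloc(byte_size);
    if (copy != NULL) {
        memcpy(copy, mem, byte_size);
        *got = byte_size;
    }
    return copy;
}

/* Unguarded call site: the cast spells out the narrowing the compiler would
 * otherwise apply silently. Returns the size of the block actually allocated,
 * which is smaller than len whenever len does not fit in an unsigned int. */
static size_t unguarded_alloc_size(const void *mem, uint64_t len)
{
    size_t got;
    void *copy = dup_narrow(mem, (unsigned int)len, &got);

    free(copy);
    return got;
}

/* Guarded call site: refuse any length the narrow parameter cannot hold.
 * Returns 0 on success, -1 on a would-be truncation or allocation failure. */
static int guarded_dup(const void *mem, uint64_t len, void **out, size_t *got)
{
    *out = NULL;
    *got = 0;
    if (len > UINT_MAX)
        return -1;
    *out = dup_narrow(mem, (unsigned int)len, got);
    return (*out != NULL || len == 0) ? 0 : -1;
}
```

A caller that goes on to treat the unguarded copy as len bytes long writes past
the end of the smaller block, which is the heap overflow the notice refers to.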
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 4 2021 Kalev Lember <klember(a)redhat.com> - 2.66.6-1
- Update to 2.66.6
* Wed Feb 3 2021 Kalev Lember <klember(a)redhat.com> - 2.66.5-1
- Update to 2.66.5
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-c9848cf37f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------