-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-c9848cf37f 2021-02-08 01:29:15.825073 -------------------------------------------------------------------------------- Name : glib2 Product : Fedora 33 Version : 2.66.6 Release : 1.fc33 URL : http://www.gtk.org Summary : A library of handy utility functions Description : GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. -------------------------------------------------------------------------------- Update Information: * Fix various instances within GLib where `g_memdup()` was vulnerable to a silent integer truncation and heap overflow problem (discovered by Kevin Backhouse, work by Philip Withnall) (#2319) * Fix some issues with handling over-long (invalid) input when parsing for `GDate` (!1824) * Don���t load GIO modules or parse other GIO environment variables when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap process). GIO has always been documented as not being safe to use in privileged processes, but people persist in using it unsafely, so these changes should harden things against potential attacks at least a little. Unfortunately they break a couple of projects which were relying on reading `DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for setgid/setcap (but not setuid) processes. This loophole will be closed in GLib 2.70 (see issue #2316), which should give modules 6 months to change their behaviour. (Work by Simon McVittie and Philip Withnall) (#2168, #2305) * Fix `g_spawn()` searching `PATH` when it wasn���t meant to (work by Simon McVittie and Thomas Haller) (!1913) -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 4 2021 Kalev Lember <klember(a)redhat.com&gt; - 2.66.6-1 - Update to 2.66.6 * Wed Feb 3 2021 Kalev Lember <klember(a)redhat.com&gt; - 2.66.5-1 - Update to 2.66.5 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-c9848cf37f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------