Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

GLib: Privilege Escalation — GLSA 202406-01

A vulnerability has been discovered in GLib, which can lead to privilege escalation.

Affected packages

Package dev-libs/glib on all architectures
Affected versions < 2.78.6
Unaffected versions >= 2.78.6

Background

GLib is a library providing a number of GNOME's core objects and functions.

Description

A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details.

Impact

When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager or logind on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

Workaround

There is no known workaround at this time.

Resolution

All GLib users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.78.6"

References

Release date
June 22, 2024

Latest revision
June 22, 2024: 1

Severity
high

Exploitable
local

Bugzilla entries