First published: Tue May 07 2024(Updated: )
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/glib2.0 | <2.64.6-1~ubuntu20.04.7 | 2.64.6-1~ubuntu20.04.7 |
ubuntu/glib2.0 | <2.72.4-0ubuntu2.3 | 2.72.4-0ubuntu2.3 |
ubuntu/glib2.0 | <2.78.0-2ubuntu0.1 | 2.78.0-2ubuntu0.1 |
ubuntu/glib2.0 | <2.80.0-6ubuntu3.1 | 2.80.0-6ubuntu3.1 |
debian/glib2.0 | 2.66.8-1+deb11u4 2.66.8-1+deb11u3 2.74.6-2+deb12u3 2.74.6-2+deb12u2 2.81.1-3 | |
redhat/glib | <2.78.5 | 2.78.5 |
redhat/glib | <2.80.1 | 2.80.1 |
redhat/glib | <2.81.0 | 2.81.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.