[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

glib vulnerable to CVE-2021-28153

From: Léo Le Bouter
Subject: glib vulnerable to CVE-2021-28153
Date: Fri, 12 Mar 2021 01:13:56 +0100
User-agent: Evolution 3.34.2


CVE-2021-28153  11.03.21 23:15
An issue was discovered in GNOME GLib before 2.66.8. When
g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to
replace a path that is a dangling symlink, it incorrectly also creates
the target of the symlink as an empty file, which could conceivably
have security relevance if the symlink is attacker-controlled. (If the
path is a symlink to a file that already exists, then the contents of
that file correctly remain unchanged.)

Another CVE just out,


We need to backport another patch again it seems?

Thank you,

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]