A glib2.0 security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address an issue where GLib could be used to print partial contents from arbitrary files.
ELA-679-1 glib2.0 security update
Package glib2.0
ELA-679-1 glib2.0 security update
Version 2.42.1-1+deb8u5 (jessie), 2.50.3-2+deb9u4 (stretch)
Related CVEs CVE-2021-3800
It was found that GLib, a general-purpose portable utility library, could be used to print partial contents from arbitrary files. This could be exploited from setuid binaries linking to GLib for information disclosure of files with a specific format.
For Debian 8 jessie, these problems have been fixed in version 2.42.1-1+deb8u5.
For Debian 9 stretch, these problems have been fixed in version 2.50.3-2+deb9u4.
We recommend that you upgrade your glib2.0 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
