Fedora Linux 8783 Published by

A mingw-glib2 security update has been released for Fedora 38.



[SECURITY] Fedora 38 Update: mingw-glib2-2.74.7-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-9e5a29a25d
2023-06-16 02:20:54.533002
--------------------------------------------------------------------------------

Name : mingw-glib2
Product : Fedora 38
Version : 2.74.7
Release : 1.fc38
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.

--------------------------------------------------------------------------------
Update Information:

Update to glib2-2.74.7.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 6 2023 Sandro Mani [manisandro@gmail.com] - 2.74.7-1
- Update to 2.74.7
* Thu Mar 23 2023 Sandro Mani [manisandro@gmail.com] - 2.76.1-1
- Update to 2.76.1
* Sun Mar 19 2023 Sandro Mani [manisandro@gmail.com] - 2.76.0-1
- Update to 2.76.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2212693 - CVE-2023-32665 mingw-glib2: glib: GVariant deserialisation does not match spec for non-normal data [fedora-37]
https://bugzilla.redhat.com/show_bug.cgi?id=2212693
[ 2 ] Bug #2212697 - CVE-2023-32665 mingw-glib2: glib: GVariant deserialisation does not match spec for non-normal data [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2212697
[ 3 ] Bug #2212701 - CVE-2023-29499 mingw-glib2: glib: GVariant offset table entry size is not checked in is_normal() [fedora-37]
https://bugzilla.redhat.com/show_bug.cgi?id=2212701
[ 4 ] Bug #2212707 - CVE-2023-29499 mingw-glib2: glib: GVariant offset table entry size is not checked in is_normal() [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2212707
[ 5 ] Bug #2212710 - CVE-2023-32611 mingw-glib2: glib: g_variant_byteswap() can take a long time with some non-normal inputs [fedora-37]
https://bugzilla.redhat.com/show_bug.cgi?id=2212710
[ 6 ] Bug #2212712 - CVE-2023-32611 mingw-glib2: glib: g_variant_byteswap() can take a long time with some non-normal inputs [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2212712
[ 7 ] Bug #2212718 - CVE-2023-32643 mingw-glib2: glib: fuzz_variant_binary_byteswap: Heap-buffer-overflow in g_variant_serialised_get_child [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2212718
[ 8 ] Bug #2212723 - CVE-2023-32636 mingw-glib2: glib: fuzz_variant_text: Timeout in fuzz_variant_text [fedora-37]
https://bugzilla.redhat.com/show_bug.cgi?id=2212723
[ 9 ] Bug #2212728 - CVE-2023-32636 mingw-glib2: glib: fuzz_variant_text: Timeout in fuzz_variant_text [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2212728
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-9e5a29a25d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------