USN-6768-1: GLib vulnerability
Severity
medium
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 22.04
- Cflinuxfs4
Description
Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation. Update Instructions: Run `sudo pro fix USN-6768-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.64.6-1~ubuntu20.04.7 libglib2.0-bin - 2.64.6-1~ubuntu20.04.7 libglib2.0-data - 2.64.6-1~ubuntu20.04.7 libglib2.0-dev - 2.64.6-1~ubuntu20.04.7 libglib2.0-dev-bin - 2.64.6-1~ubuntu20.04.7 libglib2.0-doc - 2.64.6-1~ubuntu20.04.7 libglib2.0-tests - 2.64.6-1~ubuntu20.04.7 No subscription required.
Fixed VMware Products and Versions
- Cfinuxfs4
- 1.97.0 or greater
- Jammy Stemcells
- 1.445 or greater
- Operation Manager
- 3.0.28+LTS-T or greater
- Operations Manager Image
- 3.0.28+LTS-T or greater
References
https://ubuntu.com/security/notices/USN-6768-1
https://www.cloudfoundry.org/blog/usn-6768-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6768-1
History
2024-05-09: Initial vulnerability report published.