Bugzilla – Bug 1209714
VUL-0: CVE-2023-24593: glib2: DoS caused by handling a malicious text-form variant
Last modified: 2024-06-26 21:00:28 UTC
A vulnerability was found in GLib2.0, where DoS caused by handling a malicious text-form variant which is structured to cause looping superlinear to its text size. Applications are at risk if they parse untrusted text-form variants. References: https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24593 https://bugzilla.redhat.com/show_bug.cgi?id=2181183
Alynx, I think this can be included in the bulk fixing of bsc#1209713.
Tracking as affected: - SUSE:SLE-15:Update/glib2 - SUSE:SLE-12-SP2:Update/glib2 - SUSE:SLE-15-SP2:Update/glib2 - SUSE:SLE-15-SP4:Update/glib2 SUSE:SLE-15:Update/glib2 update is not required, since it's LTSS-only and CVSS score is < 7. Not sure about SUSE:SLE-11-SP1:Update/glib2, could you have a look?
(In reply to Yifan Jiang from comment #1) > Alynx, I think this can be included in the bulk fixing of bsc#1209713. OK, let me handle this
SRs are accepted now.
SUSE-SU-2023:1910-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1209713, 1209714 CVE References: CVE-2023-24593, CVE-2023-25180 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): glib2-2.48.2-12.31.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): glib2-2.48.2-12.31.1 SUSE Linux Enterprise Server 12 SP5 (src): glib2-2.48.2-12.31.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): glib2-2.48.2-12.31.1 SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): glib2-2.48.2-12.31.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2060-1: An update that solves two vulnerabilities and has one fix can now be installed. Category: security (moderate) Bug References: 1209713, 1209714, 1210135 CVE References: CVE-2023-24593, CVE-2023-25180 Sources used: openSUSE Leap Micro 5.3 (src): glib2-2.70.5-150400.3.8.1 openSUSE Leap 15.4 (src): glib2-2.70.5-150400.3.8.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): glib2-2.70.5-150400.3.8.1 SUSE Linux Enterprise Micro 5.3 (src): glib2-2.70.5-150400.3.8.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): glib2-2.70.5-150400.3.8.1 SUSE Linux Enterprise Micro 5.4 (src): glib2-2.70.5-150400.3.8.1 Basesystem Module 15-SP4 (src): glib2-2.70.5-150400.3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2076-1: An update that solves two vulnerabilities and has one fix can now be installed. Category: security (moderate) Bug References: 1209713, 1209714, 1210135 CVE References: CVE-2023-24593, CVE-2023-25180 Sources used: openSUSE Leap 15.4 (src): glib2-2.62.6-150200.3.15.1 SUSE Linux Enterprise Real Time 15 SP3 (src): glib2-2.62.6-150200.3.15.1 SUSE Linux Enterprise Micro 5.1 (src): glib2-2.62.6-150200.3.15.1 SUSE Linux Enterprise Micro 5.2 (src): glib2-2.62.6-150200.3.15.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): glib2-2.62.6-150200.3.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.