{"id":"MGASA-2021-0318","summary":"Updated glib2.0 packages fix security vulnerabilities","details":"Krzesimir Nowak discovered that GLib incorrectly handled certain large\nbuffers. A remote attacker could use this issue to cause applications linked\nto GLib to crash, resulting in a denial of service, or possibly execute\narbitrary code (CVE-2021-27218).\n\nKevin Backhouse discovered that GLib incorrectly handled certain memory\nallocations. A remote attacker could use this issue to cause applications\nlinked to GLib to crash, resulting in a denial of service, or possibly execute\narbitrary code (CVE-2021-27219).\n\nIt was discovered that GLib incorrectly handled certain symlinks when\nreplacing files. If a user or automated system were tricked into extracting a\nspecially crafted file with File Roller, a remote attacker could possibly\ncreate files outside of the intended directory (CVE-2021-28153).\n","modified":"2026-04-16T04:41:24.076694321Z","published":"2021-07-08T22:43:19Z","upstream":["CVE-2021-27218","CVE-2021-27219","CVE-2021-28153"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0318.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28520"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4759-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4764-1"}],"affected":[{"package":{"name":"glib2.0","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/glib2.0?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.60.2-1.5.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0318.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}