ELA-140-1 glib2.0 security update

insecure permissions

Related CVEs: CVE-2018-16428, CVE-2018-16429, CVE-2019-13012

Several flaws were corrected in glib2.0, a general-purpose C library.


A NULL pointer dereference may lead to a denial-of-service (application
crash) when parsing a document.


While parsing an invalid string, an out-of-bounds read may occur, which can
lead to an access violation error or may have other unspecified impact.


The keyfile settings backend in GNOME GLib creates directories and files
with insecure permissions. This is similar to CVE-2019-12450.
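
To check directories and files already on disk, the following added example (not part of the advisory or of GLib's code) lists entries under a keyfile settings directory that grant any access to group or other, and can strip those bits. The path `~/.config/glib-2.0/settings` and all function names are assumptions made for illustration.

```python
import os
import stat

# Assumption: the keyfile backend's store lives under the user's config
# directory at this relative path; adjust if an application sets its own.
DEFAULT_SUBPATH = os.path.join("glib-2.0", "settings")


def keyfile_settings_dir(home):
    """Return the assumed keyfile settings directory for a home directory."""
    return os.path.join(home, ".config", DEFAULT_SUBPATH)


def audit_permissions(root):
    """Return sorted (path, octal mode) pairs for root and everything below
    it that grants any permission bit to group or other."""
    findings = []
    if not os.path.isdir(root):
        return findings
    candidates = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        candidates.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in candidates:
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
        if stat.S_ISLNK(st.st_mode):
            continue  # symlink modes are not meaningful on Linux
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((path, format(mode, "04o")))
    return sorted(findings)


def tighten(findings):
    """Strip group/other bits from each finding; return the paths changed."""
    changed = []
    for path, _ in findings:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & stat.S_IRWXU)  # keep only the owner's bits
        changed.append(path)
    return changed


if __name__ == "__main__":
    target = keyfile_settings_dir(os.path.expanduser("~"))
    for path, mode in audit_permissions(target):
        print(mode, path)
```
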

For Debian 7 Wheezy, these problems have been fixed in version 2.33.12+really2.32.4-5+deb7u2.

We recommend that you upgrade your glib2.0 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.