ELA-964-1 glib2.0 security update

multiple security issues

2023-09-25
Package: glib2.0
Version: 2.42.1-1+deb8u6 (jessie), 2.50.3-2+deb9u5 (stretch)
Related CVEs: CVE-2023-29499 CVE-2023-32611 CVE-2023-32665


Several security vulnerabilities were found in GLib, a general-purpose utility library, used by projects such as GTK+, GIMP, and GNOME.

CVE-2023-29499

GVariant deserialization fails to validate that the input conforms to the
expected format, leading to denial of service.

CVE-2023-32611

GVariant deserialization is vulnerable to a slowdown issue where a crafted
GVariant can cause excessive processing, leading to denial of service.

CVE-2023-32665

GVariant deserialization is vulnerable to an exponential blowup issue where
a crafted GVariant can cause excessive processing, leading to denial of
service.


For Debian 8 jessie, these problems have been fixed in version 2.42.1-1+deb8u6.

For Debian 9 stretch, these problems have been fixed in version 2.50.3-2+deb9u5.

We recommend that you upgrade your glib2.0 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.