Issued:
2009-03-24
Updated:
2009-03-24

RHSA-2009:0336 - Security Advisory

Synopsis

Moderate: glib2 security update

Type/Severity

Security Advisory: Moderate

Topic

Updated glib2 packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

GLib is the low-level core library that forms the basis for projects such
as GTK+ and GNOME. It provides data structure handling for C, portability
wrappers, and interfaces for such runtime functionality as an event loop,
threads, dynamic loading, and an object system.

Diego Petteno discovered multiple integer overflows causing heap-based
buffer overflows in GLib's Base64 encoding and decoding functions. An
attacker could use these flaws to crash an application using GLib's Base64
functions to encode or decode large, untrusted inputs, or, possibly,
execute arbitrary code as the user running the application. (CVE-2008-4316)

Note: No application shipped with Red Hat Enterprise Linux 5 uses the
affected functions. Third-party applications may, however, be affected.

All users of glib2 should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 5.3 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.3 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.3 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.3 ia64
  • Red Hat Enterprise Linux Server - AUS 5.3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

  • BZ - 474770 - CVE-2008-4316 glib2: integer overflows in the base64 handling functions (oCERT-2008-015)

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
glib2-2.12.3-4.el5_3.1.src.rpm SHA-256: f020fa43cb77915473ba242a4d7f50b7877dedcd83e20961315ddf434d334754
x86_64
glib2-2.12.3-4.el5_3.1.i386.rpm SHA-256: 8057aa742522d025bf3ba444694103e59645ffc6087088120c4e3f9e552b30bf
glib2-2.12.3-4.el5_3.1.x86_64.rpm SHA-256: c92ea745eee7386d7d5c722dec1971b116e2b97f8fe1e2ee227c41ffb3e9e1e0
glib2-devel-2.12.3-4.el5_3.1.i386.rpm SHA-256: 12b469c079c1924a7c9a877e437c209d3bb90eb4906eace483adb948399bbc25
glib2-devel-2.12.3-4.el5_3.1.x86_64.rpm SHA-256: 0f7068f113f43e636b3b319cdc9978b2f42888941d0f7efc34f51bcdc865166e
ia64
glib2-2.12.3-4.el5_3.1.i386.rpm SHA-256: 8057aa742522d025bf3ba444694103e59645ffc6087088120c4e3f9e552b30bf
glib2-2.12.3-4.el5_3.1.ia64.rpm SHA-256: d91b8ce6f734d817a595d2e8fe45542910d841d6e6cfa32ee07c63836437d472
glib2-devel-2.12.3-4.el5_3.1.ia64.rpm SHA-256: 526e2e8325174a0abc5a4be81c6b872276bd2ea78019c9574b3c3833b5f41838
i386
glib2-2.12.3-4.el5_3.1.i386.rpm SHA-256: 8057aa742522d025bf3ba444694103e59645ffc6087088120c4e3f9e552b30bf
glib2-devel-2.12.3-4.el5_3.1.i386.rpm SHA-256: 12b469c079c1924a7c9a877e437c209d3bb90eb4906eace483adb948399bbc25

Red Hat Enterprise Linux Workstation 5

SRPM
glib2-2.12.3-4.el5_3.1.src.rpm SHA-256: f020fa43cb77915473ba242a4d7f50b7877dedcd83e20961315ddf434d334754
x86_64
glib2-2.12.3-4.el5_3.1.i386.rpm SHA-256: 8057aa742522d025bf3ba444694103e59645ffc6087088120c4e3f9e552b30bf
glib2-2.12.3-4.el5_3.1.x86_64.rpm SHA-256: c92ea745eee7386d7d5c722dec1971b116e2b97f8fe1e2ee227c41ffb3e9e1e0
glib2-devel-2.12.3-4.el5_3.1.i386.rpm SHA-256: 12b469c079c1924a7c9a877e437c209d3bb90eb4906eace483adb948399bbc25
glib2-devel-2.12.3-4.el5_3.1.x86_64.rpm SHA-256: 0f7068f113f43e636b3b319cdc9978b2f42888941d0f7efc34f51bcdc865166e
i386
glib2-2.12.3-4.el5_3.1.i386.rpm SHA-256: 8057aa742522d025bf3ba444694103e59645ffc6087088120c4e3f9e552b30bf
glib2-devel-2.12.3-4.el5_3.1.i386.rpm SHA-256: 12b469c079c1924a7c9a877e437c209d3bb90eb4906eace483adb948399bbc25

Red Hat Enterprise Linux Desktop 5

SRPM
glib2-2.12.3-4.el5_3.1.src.rpm SHA-256: f020fa43cb77915473ba242a4d7f50b7877dedcd83e20961315ddf434d334754
x86_64
glib2-2.12.3-4.el5_3.1.i386.rpm SHA-256: 8057aa742522d025bf3ba444694103e59645ffc6087088120c4e3f9e552b30bf
glib2-2.12.3-4.el5_3.1.x86_64.rpm SHA-256: c92ea745eee7386d7d5c722dec1971b116e2b97f8fe1e2ee227c41ffb3e9e1e0
i386
glib2-2.12.3-4.el5_3.1.i386.rpm SHA-256: 8057aa742522d025bf3ba444694103e59645ffc6087088120c4e3f9e552b30bf

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
glib2-2.12.3-4.el5_3.1.src.rpm SHA-256: f020fa43cb77915473ba242a4d7f50b7877dedcd83e20961315ddf434d334754
s390x
glib2-2.12.3-4.el5_3.1.s390.rpm SHA-256: 4c07824384882b5de60bb2ba14b321e690b2e09f6c24ec78fc8dbe34164e2cbd
glib2-2.12.3-4.el5_3.1.s390x.rpm SHA-256: f6548de2333368161acdbde0857112f250547dc3e82d35fd78a5e96fc45da816
glib2-devel-2.12.3-4.el5_3.1.s390.rpm SHA-256: 689361e05e9935b419b0b329bf8e89ec8b2c953c5bc542c3d0c9690de85626a9
glib2-devel-2.12.3-4.el5_3.1.s390x.rpm SHA-256: 2ae64806fe77bfdd4a4267a756cdf0dbd6af11e4ab7810909b869a78ae722f67

Red Hat Enterprise Linux for Power, big endian 5

SRPM
glib2-2.12.3-4.el5_3.1.src.rpm SHA-256: f020fa43cb77915473ba242a4d7f50b7877dedcd83e20961315ddf434d334754
ppc
glib2-2.12.3-4.el5_3.1.ppc.rpm SHA-256: e2854be71cc074956ca8e835e9891e2b334ec22d0b54f7b58f6ac3cbc265f703
glib2-2.12.3-4.el5_3.1.ppc64.rpm SHA-256: 35e618accae90ac1ae1da818792b21fbde08670a1069ae9226193eb6b986acfe
glib2-devel-2.12.3-4.el5_3.1.ppc.rpm SHA-256: d1d7d310b94c0c1c733f1013c203ff8b5ac6f3f1a5a9156decbc37fdb9dbe9eb
glib2-devel-2.12.3-4.el5_3.1.ppc64.rpm SHA-256: 0710744243745c31cf87aa05340032534f5b20e37ebe735454ba82cce8fe7c44

Red Hat Enterprise Linux Server from RHUI 5

SRPM
glib2-2.12.3-4.el5_3.1.src.rpm SHA-256: f020fa43cb77915473ba242a4d7f50b7877dedcd83e20961315ddf434d334754
x86_64
glib2-2.12.3-4.el5_3.1.i386.rpm SHA-256: 8057aa742522d025bf3ba444694103e59645ffc6087088120c4e3f9e552b30bf
glib2-2.12.3-4.el5_3.1.x86_64.rpm SHA-256: c92ea745eee7386d7d5c722dec1971b116e2b97f8fe1e2ee227c41ffb3e9e1e0
glib2-devel-2.12.3-4.el5_3.1.i386.rpm SHA-256: 12b469c079c1924a7c9a877e437c209d3bb90eb4906eace483adb948399bbc25
glib2-devel-2.12.3-4.el5_3.1.x86_64.rpm SHA-256: 0f7068f113f43e636b3b319cdc9978b2f42888941d0f7efc34f51bcdc865166e
i386
glib2-2.12.3-4.el5_3.1.i386.rpm SHA-256: 8057aa742522d025bf3ba444694103e59645ffc6087088120c4e3f9e552b30bf
glib2-devel-2.12.3-4.el5_3.1.i386.rpm SHA-256: 12b469c079c1924a7c9a877e437c209d3bb90eb4906eace483adb948399bbc25

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.