Security update for glib2

Announcement ID:	SUSE-SU-2024:1950-1
Rating:	moderate
References:	bsc#1224044
Cross-References:	CVE-2024-34397
CVSS scores:	CVE-2024-34397 ( SUSE ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Affected Products:	Basesystem Module 15-SP6 openSUSE Leap 15.6 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

Description:

This update for glib2 fixes the following issues:

Update to version 2.78.6:

Fix a regression with IBus caused by the fix for CVE-2024-34397

Changes in version 2.78.5:

Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044)
Bugs fixed:
gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding
gcontenttype: Make filename valid utf-8 string before processing.
gdbusconnection: Don't deliver signals if the sender doesn't match.

Changes in version 2.78.4:

Bugs fixed:
Fix generated RST anchors for methods, signals and properties.
docs/reference: depend on a native gtk-doc.
gobject_gdb.py: Do not break bt on optimized build.
gregex: clean up usage of _GRegex.jit_status.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

openSUSE Leap 15.6
zypper in -t patch SUSE-2024-1950=1 openSUSE-SLE-15.6-2024-1950=1
Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1950=1

Package List:

openSUSE Leap 15.6 (noarch)
- gio-branding-upstream-2.78.6-150600.4.3.1
- gio-branding-SLE-15-150600.35.2.1
- glib2-lang-2.78.6-150600.4.3.1
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
- glib2-devel-debuginfo-2.78.6-150600.4.3.1
- glib2-tools-2.78.6-150600.4.3.1
- libgobject-2_0-0-debuginfo-2.78.6-150600.4.3.1
- libgthread-2_0-0-debuginfo-2.78.6-150600.4.3.1
- libgio-2_0-0-2.78.6-150600.4.3.1
- libgmodule-2_0-0-2.78.6-150600.4.3.1
- libglib-2_0-0-debuginfo-2.78.6-150600.4.3.1
- libgobject-2_0-0-2.78.6-150600.4.3.1
- glib2-tests-devel-debuginfo-2.78.6-150600.4.3.1
- glib2-devel-2.78.6-150600.4.3.1
- libglib-2_0-0-2.78.6-150600.4.3.1
- libgthread-2_0-0-2.78.6-150600.4.3.1
- glib2-tests-devel-2.78.6-150600.4.3.1
- glib2-debugsource-2.78.6-150600.4.3.1
- libgio-2_0-0-debuginfo-2.78.6-150600.4.3.1
- glib2-tools-debuginfo-2.78.6-150600.4.3.1
- libgmodule-2_0-0-debuginfo-2.78.6-150600.4.3.1
- glib2-devel-static-2.78.6-150600.4.3.1
- glib2-doc-2.78.6-150600.4.3.1
openSUSE Leap 15.6 (x86_64)
- glib2-devel-32bit-2.78.6-150600.4.3.1
- libgio-2_0-0-32bit-2.78.6-150600.4.3.1
- libgthread-2_0-0-32bit-2.78.6-150600.4.3.1
- libgobject-2_0-0-32bit-2.78.6-150600.4.3.1
- libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.3.1
- libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.3.1
- glib2-devel-32bit-debuginfo-2.78.6-150600.4.3.1
- glib2-tools-32bit-2.78.6-150600.4.3.1
- glib2-tools-32bit-debuginfo-2.78.6-150600.4.3.1
- libgmodule-2_0-0-32bit-2.78.6-150600.4.3.1
- libglib-2_0-0-32bit-2.78.6-150600.4.3.1
- libgthread-2_0-0-32bit-debuginfo-2.78.6-150600.4.3.1
- libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.3.1
- libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.3.1
openSUSE Leap 15.6 (aarch64_ilp32)
- glib2-devel-64bit-2.78.6-150600.4.3.1
- libgmodule-2_0-0-64bit-debuginfo-2.78.6-150600.4.3.1
- libglib-2_0-0-64bit-2.78.6-150600.4.3.1
- glib2-devel-64bit-debuginfo-2.78.6-150600.4.3.1
- libgio-2_0-0-64bit-2.78.6-150600.4.3.1
- libgthread-2_0-0-64bit-debuginfo-2.78.6-150600.4.3.1
- libglib-2_0-0-64bit-debuginfo-2.78.6-150600.4.3.1
- libgio-2_0-0-64bit-debuginfo-2.78.6-150600.4.3.1
- libgthread-2_0-0-64bit-2.78.6-150600.4.3.1
- glib2-tools-64bit-debuginfo-2.78.6-150600.4.3.1
- libgobject-2_0-0-64bit-2.78.6-150600.4.3.1
- libgobject-2_0-0-64bit-debuginfo-2.78.6-150600.4.3.1
- glib2-tools-64bit-2.78.6-150600.4.3.1
- libgmodule-2_0-0-64bit-2.78.6-150600.4.3.1
Basesystem Module 15-SP6 (noarch)
- gio-branding-SLE-15-150600.35.2.1
- glib2-lang-2.78.6-150600.4.3.1
Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
- glib2-devel-debuginfo-2.78.6-150600.4.3.1
- glib2-tools-2.78.6-150600.4.3.1
- libgobject-2_0-0-debuginfo-2.78.6-150600.4.3.1
- libgthread-2_0-0-debuginfo-2.78.6-150600.4.3.1
- libgio-2_0-0-2.78.6-150600.4.3.1
- libgmodule-2_0-0-2.78.6-150600.4.3.1
- libglib-2_0-0-debuginfo-2.78.6-150600.4.3.1
- libgobject-2_0-0-2.78.6-150600.4.3.1
- libglib-2_0-0-2.78.6-150600.4.3.1
- glib2-devel-2.78.6-150600.4.3.1
- libgthread-2_0-0-2.78.6-150600.4.3.1
- glib2-debugsource-2.78.6-150600.4.3.1
- libgio-2_0-0-debuginfo-2.78.6-150600.4.3.1
- glib2-tools-debuginfo-2.78.6-150600.4.3.1
- libgmodule-2_0-0-debuginfo-2.78.6-150600.4.3.1
Basesystem Module 15-SP6 (x86_64)
- libgio-2_0-0-32bit-2.78.6-150600.4.3.1
- libgobject-2_0-0-32bit-2.78.6-150600.4.3.1
- libgio-2_0-0-32bit-debuginfo-2.78.6-150600.4.3.1
- libgobject-2_0-0-32bit-debuginfo-2.78.6-150600.4.3.1
- libgmodule-2_0-0-32bit-2.78.6-150600.4.3.1
- libglib-2_0-0-32bit-2.78.6-150600.4.3.1
- libglib-2_0-0-32bit-debuginfo-2.78.6-150600.4.3.1
- libgmodule-2_0-0-32bit-debuginfo-2.78.6-150600.4.3.1

Security update for glib2

Description:

Patch Instructions:

Package List:

References: