{"schema_version":"1.7.2","id":"OESA-2024-1789","modified":"2024-07-05T11:08:24Z","published":"2024-07-05T11:08:24Z","upstream":["CVE-2024-34397"],"summary":"glib2 security update","details":"GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib\u0026apos;s code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.(CVE-2024-34397)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"glib2","purl":"pkg:rpm/openEuler/glib2\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.66.8-14.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["glib2-2.66.8-14.oe2003sp4.aarch64.rpm","glib2-debuginfo-2.66.8-14.oe2003sp4.aarch64.rpm","glib2-debugsource-2.66.8-14.oe2003sp4.aarch64.rpm","glib2-devel-2.66.8-14.oe2003sp4.aarch64.rpm"],"noarch":["glib2-help-2.66.8-14.oe2003sp4.noarch.rpm"],"src":["glib2-2.66.8-14.oe2003sp4.src.rpm"],"x86_64":["glib2-2.66.8-14.oe2003sp4.x86_64.rpm","glib2-debuginfo-2.66.8-14.oe2003sp4.x86_64.rpm","glib2-debugsource-2.66.8-14.oe2003sp4.x86_64.rpm","glib2-devel-2.66.8-14.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1789"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34397"}],"database_specific":{"severity":"Low"}}