Main Vulnerability Database SB2024052943

SB2024052943 - SUSE update for glib2

Published: May 29, 2024

Security Bulletin ID SB2024052943

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficient verification of data authenticity (CVE-ID: CVE-2024-34397)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20241830-1/

Vulnerable Software

SUSE Linux Enterprise Micro: 5.3 - 5.5
openSUSE Leap Micro: 5.3 - 5.4
Basesystem Module: 15-SP5
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
SUSE Linux Enterprise Desktop 15: SP5
openSUSE Leap: 15.4 - 15.5
glib2-tools-64bit-debuginfo: before 2.70.5-150400.3.11.1
glib2-devel-64bit: before 2.70.5-150400.3.11.1
libgthread-2_0-0-64bit: before 2.70.5-150400.3.11.1
libgthread-2_0-0-64bit-debuginfo: before 2.70.5-150400.3.11.1
libglib-2_0-0-64bit-debuginfo: before 2.70.5-150400.3.11.1
libgobject-2_0-0-64bit: before 2.70.5-150400.3.11.1
libglib-2_0-0-64bit: before 2.70.5-150400.3.11.1
libgio-2_0-0-64bit: before 2.70.5-150400.3.11.1
libgobject-2_0-0-64bit-debuginfo: before 2.70.5-150400.3.11.1
glib2-devel-64bit-debuginfo: before 2.70.5-150400.3.11.1
libgmodule-2_0-0-64bit-debuginfo: before 2.70.5-150400.3.11.1
libgio-2_0-0-64bit-debuginfo: before 2.70.5-150400.3.11.1
libgmodule-2_0-0-64bit: before 2.70.5-150400.3.11.1
glib2-tools-64bit: before 2.70.5-150400.3.11.1
libgmodule-2_0-0-32bit: before 2.70.5-150400.3.11.1
libgthread-2_0-0-32bit: before 2.70.5-150400.3.11.1
libglib-2_0-0-32bit: before 2.70.5-150400.3.11.1
libgmodule-2_0-0-32bit-debuginfo: before 2.70.5-150400.3.11.1
glib2-tools-32bit-debuginfo: before 2.70.5-150400.3.11.1
libgthread-2_0-0-32bit-debuginfo: before 2.70.5-150400.3.11.1
libgio-2_0-0-32bit: before 2.70.5-150400.3.11.1
glib2-devel-32bit-debuginfo: before 2.70.5-150400.3.11.1
glib2-tools-32bit: before 2.70.5-150400.3.11.1
libgio-2_0-0-32bit-debuginfo: before 2.70.5-150400.3.11.1
libgobject-2_0-0-32bit-debuginfo: before 2.70.5-150400.3.11.1
glib2-devel-32bit: before 2.70.5-150400.3.11.1
libgobject-2_0-0-32bit: before 2.70.5-150400.3.11.1
libglib-2_0-0-32bit-debuginfo: before 2.70.5-150400.3.11.1
glib2-debugsource: before 2.70.5-150400.3.11.1
libgmodule-2_0-0-debuginfo: before 2.70.5-150400.3.11.1
libgio-2_0-0-debuginfo: before 2.70.5-150400.3.11.1
glib2-doc: before 2.70.5-150400.3.11.1
glib2-devel: before 2.70.5-150400.3.11.1
libgobject-2_0-0-debuginfo: before 2.70.5-150400.3.11.1
glib2-devel-static: before 2.70.5-150400.3.11.1
libgthread-2_0-0-debuginfo: before 2.70.5-150400.3.11.1
libgthread-2_0-0: before 2.70.5-150400.3.11.1
glib2-tests-devel-debuginfo: before 2.70.5-150400.3.11.1
glib2-devel-debuginfo: before 2.70.5-150400.3.11.1
libglib-2_0-0-debuginfo: before 2.70.5-150400.3.11.1
libglib-2_0-0: before 2.70.5-150400.3.11.1
glib2-tools: before 2.70.5-150400.3.11.1
glib2-tools-debuginfo: before 2.70.5-150400.3.11.1
glib2-tests-devel: before 2.70.5-150400.3.11.1
libgmodule-2_0-0: before 2.70.5-150400.3.11.1
libgobject-2_0-0: before 2.70.5-150400.3.11.1
libgio-2_0-0: before 2.70.5-150400.3.11.1
gio-branding-upstream: before 2.70.5-150400.3.11.1
glib2-lang: before 2.70.5-150400.3.11.1