MGASA-2020-0118
- Source
- https://advisories.mageia.org/MGASA-2020-0118.html
- Import Source
- https://advisories.mageia.org/MGASA-2020-0118.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2020-0118
- Related
- Published
- 2020-03-06T16:13:58Z
- Modified
- 2020-03-06T15:42:54Z
- Summary
- Updated glib2.0 packages fix security vulnerability
- Details
-
The updated packages fix a security vulnerability:
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. (CVE-2020-6750)
- References
-
- https://advisories.mageia.org/MGASA-2020-0118.html
- https://bugs.mageia.org/show_bug.cgi?id=26230
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / glib2.0
Package
- Name
- glib2.0
- Purl
- pkg:rpm/mageia/glib2.0?distro=mageia-7