OESA-2021-1164
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1164
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1164.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2021-1164
- Upstream
- Published
- 2021-05-06T11:02:51Z
- Modified
- 2025-09-03T06:17:20.702846Z
- Summary
- glib2 security update
- Details
-
GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since.
Security Fix(es):
An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace() is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)(CVE-2021-28153)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP1 / glib2
Package
- Name
- glib2
- Purl
- pkg:rpm/openEuler/glib2&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.62.5-7.oe1
Ecosystem specific
{
"src": [
"glib2-2.62.5-7.oe1.src.rpm"
],
"aarch64": [
"glib2-debuginfo-2.62.5-7.oe1.aarch64.rpm",
"glib2-debugsource-2.62.5-7.oe1.aarch64.rpm",
"glib2-devel-2.62.5-7.oe1.aarch64.rpm",
"glib2-2.62.5-7.oe1.aarch64.rpm"
],
"noarch": [
"glib2-help-2.62.5-7.oe1.noarch.rpm"
],
"x86_64": [
"glib2-debuginfo-2.62.5-7.oe1.x86_64.rpm",
"glib2-devel-2.62.5-7.oe1.x86_64.rpm",
"glib2-2.62.5-7.oe1.x86_64.rpm",
"glib2-debugsource-2.62.5-7.oe1.x86_64.rpm"
]
}