OESA-2023-1206

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1206
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1206.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2023-1206
Upstream
  • CVE-2023-24593
  • CVE-2023-25180
Published
2023-04-11T11:05:07Z
Modified
2025-09-03T06:19:00.264990Z
Summary
glib2 security update
Details

GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since.

Security Fix(es):

glib: DoS caused by malicious serialised variant(CVE-2023-25180)

glib: DoS caused by handling a malicious text-form variant(CVE-2023-24593)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / glib2

Package

Name
glib2
Purl
pkg:rpm/openEuler/glib2&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.66.8-11.oe1

Ecosystem specific

{
    "x86_64": [
        "glib2-2.66.8-11.oe1.x86_64.rpm",
        "glib2-devel-2.66.8-11.oe1.x86_64.rpm",
        "glib2-debugsource-2.66.8-11.oe1.x86_64.rpm",
        "glib2-debuginfo-2.66.8-11.oe1.x86_64.rpm"
    ],
    "noarch": [
        "glib2-help-2.66.8-11.oe1.noarch.rpm"
    ],
    "src": [
        "glib2-2.66.8-11.oe1.src.rpm"
    ],
    "aarch64": [
        "glib2-devel-2.66.8-11.oe1.aarch64.rpm",
        "glib2-2.66.8-11.oe1.aarch64.rpm",
        "glib2-debuginfo-2.66.8-11.oe1.aarch64.rpm",
        "glib2-debugsource-2.66.8-11.oe1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2023-1206.json"

openEuler:20.03-LTS-SP3 / glib2

Package

Name
glib2
Purl
pkg:rpm/openEuler/glib2&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.66.8-12.oe1

Ecosystem specific

{
    "x86_64": [
        "glib2-debuginfo-2.66.8-12.oe1.x86_64.rpm",
        "glib2-2.66.8-12.oe1.x86_64.rpm",
        "glib2-debugsource-2.66.8-12.oe1.x86_64.rpm",
        "glib2-devel-2.66.8-12.oe1.x86_64.rpm"
    ],
    "noarch": [
        "glib2-help-2.66.8-12.oe1.noarch.rpm"
    ],
    "src": [
        "glib2-2.66.8-12.oe1.src.rpm"
    ],
    "aarch64": [
        "glib2-2.66.8-12.oe1.aarch64.rpm",
        "glib2-debugsource-2.66.8-12.oe1.aarch64.rpm",
        "glib2-debuginfo-2.66.8-12.oe1.aarch64.rpm",
        "glib2-devel-2.66.8-12.oe1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2023-1206.json"

openEuler:22.03-LTS / glib2

Package

Name
glib2
Purl
pkg:rpm/openEuler/glib2&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.72.2-10.oe2203sp1

Ecosystem specific

{
    "x86_64": [
        "glib2-2.68.1-17.oe2203.x86_64.rpm",
        "glib2-debugsource-2.68.1-17.oe2203.x86_64.rpm",
        "glib2-debuginfo-2.68.1-17.oe2203.x86_64.rpm",
        "glib2-devel-2.68.1-17.oe2203.x86_64.rpm",
        "glib2-debuginfo-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-tests-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-debugsource-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-devel-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-static-2.72.2-10.oe2203sp1.x86_64.rpm"
    ],
    "noarch": [
        "glib2-help-2.68.1-17.oe2203.noarch.rpm",
        "glib2-help-2.72.2-10.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "glib2-2.68.1-17.oe2203.src.rpm",
        "glib2-2.72.2-10.oe2203sp1.src.rpm"
    ],
    "aarch64": [
        "glib2-2.68.1-17.oe2203.aarch64.rpm",
        "glib2-debugsource-2.68.1-17.oe2203.aarch64.rpm",
        "glib2-devel-2.68.1-17.oe2203.aarch64.rpm",
        "glib2-debuginfo-2.68.1-17.oe2203.aarch64.rpm",
        "glib2-debugsource-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-tests-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-static-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-debuginfo-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-devel-2.72.2-10.oe2203sp1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2023-1206.json"

openEuler:22.03-LTS-SP1 / glib2

Package

Name
glib2
Purl
pkg:rpm/openEuler/glib2&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.72.2-10.oe2203sp1

Ecosystem specific

{
    "x86_64": [
        "glib2-debuginfo-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-tests-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-debugsource-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-devel-2.72.2-10.oe2203sp1.x86_64.rpm",
        "glib2-static-2.72.2-10.oe2203sp1.x86_64.rpm"
    ],
    "noarch": [
        "glib2-help-2.72.2-10.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "glib2-2.72.2-10.oe2203sp1.src.rpm"
    ],
    "aarch64": [
        "glib2-debugsource-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-tests-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-static-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-debuginfo-2.72.2-10.oe2203sp1.aarch64.rpm",
        "glib2-devel-2.72.2-10.oe2203sp1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2023-1206.json"