Ubuntu has released a security update for the glib2.0 package.
This release fixes a vulnerability in the glib2.0 package.
Date Reported | 30-May-2019 |
Fix Released On | 11-June-2019 |
Severity Level | Medium |
Affected Packages | glib2.0 |
Affected Operating System & Version:
Operating System Name/Version/Code Name | Fixed Package Version |
Ubuntu 12.04 ESM (Precise Pangolin) | 2.32.4-0ubuntu1.2 |
Ubuntu 14.04 ESM (Trusty Tahr) | 2.40.2-0ubuntu1.1+esm1 |
Ubuntu 16.04 LTS (Xenial Xerus) | 2.48.2-0ubuntu4.2 |
Ubuntu 18.04 LTS (Bionic Beaver) | 2.56.4-0ubuntu0.18.04.3 |
Ubuntu 18.10 (Cosmic Cuttlefish) | 2.58.1-2ubuntu0.1 |
Ubuntu 19.04 (Disco Dingo) | 2.60.0-1ubuntu0.1 |
Details:
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
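The safe form of the copy pattern described above, as an added example that is not GLib's code and not part of the advisory: the destination is created owner-only and receives the source's mode bits only once all data is written. The helper name `copy_restricted`, its `mid_mode` probe and the 0600 in-progress mode are assumptions for illustration.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not GLib code): copy src to dst, keeping dst owner-only
 * until every byte is written. Returns 0 on success, -1 on error. If mid_mode
 * is non-NULL it receives dst's mode as seen just before the final fchmod(). */
int copy_restricted(const char *src, const char *dst, mode_t *mid_mode)
{
    struct stat st, d;
    char buf[4096];
    ssize_t n = 0;
    int rc = -1, out = -1;
    int in = open(src, O_RDONLY);
    if (in < 0)
        return -1;
    if (fstat(in, &st) < 0)
        goto done;
    /* Weak pattern: open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0666) leaves dst at
     * default permissions (0666 & ~umask) for the whole copy.
     * Hardened: create exclusively, readable and writable by the owner only. */
    out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (out < 0)
        goto done;

    while ((n = read(in, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0; off < n; ) {   /* handle short writes */
            ssize_t w = write(out, buf + off, (size_t)(n - off));
            if (w < 0)
                goto done;
            off += w;
        }
    }
    if (n < 0 || fstat(out, &d) < 0)
        goto done;
    if (mid_mode)
        *mid_mode = d.st_mode & 07777;
    /* Only after the data is complete does dst get the source's mode bits. */
    if (fchmod(out, st.st_mode & 07777) == 0)
        rc = 0;
done:
    if (out >= 0) {
        close(out);
        if (rc != 0)
            unlink(dst);   /* do not leave a partial copy behind */
    }
    close(in);
    return rc;
}
```

Because of `O_EXCL`, the helper refuses to write into a destination that already exists instead of reusing a file whose permissions it did not set.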
It’s recommended to update the glib package ASAP.
For more details about the security issues, and other related information, refer to the CVE pages.
Ubuntu Security Advisory References:
Security Database References (CVE):
Solution:
- This issue has been fixed in all the supported Ubuntu versions.
Run the following command to install the above updates.
$ sudo apt install --only-upgrade glib2.0
or
$ sudo apt install unattended-upgrades
The installed security fixes can be verified in the package change log using the following methods.
Using the manual method (replace package with the name of the installed package):
$ zgrep -i "CVE-2019-12450" /usr/share/doc/package/changelog.Debian.gz
Using the debsecan command:
$ debsecan | grep CVE-2019-12450