CVE-2019-12450 : Ubuntu has Released Security Update for glib2.0

Ubuntu has released a security update for the glib2.0 package.

This release fixes a vulnerability in the glib2.0 package.

Date Reported: 30-May-2019
Fix Released On: 11-June-2019
Severity Level: Medium
Affected Packages: glib2.0

Affected Operating System & Version:

Operating System Name/Version/Code Name: Fixed Package Version
Ubuntu 12.04 ESM (Precise Pangolin): 2.32.4-0ubuntu1.2
Ubuntu 14.04 ESM (Trusty Tahr): 2.40.2-0ubuntu1.1+esm1
Ubuntu 16.04 LTS (Xenial Xerus): 2.48.2-0ubuntu4.2
Ubuntu 18.04 LTS (Bionic Beaver): 2.56.4-0ubuntu0.18.04.3
Ubuntu 18.10 (Cosmic Cuttlefish): 2.58.1-2ubuntu0.1
Ubuntu 19.04 (Disco Dingo): 2.60.0-1ubuntu0.1

Details:

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
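
The weakness described above, shown as an added example with plain POSIX calls (this is not GLib's code and not part of the advisory): a destination created with default permissions is readable by other users while data is still being written, even when the source is owner-only, whereas creating it owner-only and applying the source mode last closes that window. The names copy_file and demo, the /tmp paths and the umask value 022 are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy src to dst; returns dst's mode while data is being written, or -1.
 * private_create=0 uses default permissions (the weakness), 1 stays owner-only. */
int copy_file(const char *src, const char *dst, int private_create) {
    struct stat sst, dstat;
    char buf[4096];
    ssize_t n = 0, off, w;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, private_create ? 0600 : 0666);
    if (out < 0) { close(in); return -1; }
    int ok = fstat(in, &sst) == 0 && fstat(out, &dstat) == 0;
    while (ok && (n = read(in, buf, sizeof buf)) > 0)
        for (off = 0; ok && off < n; off += w)
            ok = (w = write(out, buf + off, (size_t)(n - off))) > 0;
    /* The source's own mode is applied only after all data has been written. */
    if (n < 0 || (ok && fchmod(out, sst.st_mode & 0777) < 0)) ok = 0;
    close(in); close(out);
    if (!ok) { unlink(dst); return -1; }
    return (int)(dstat.st_mode & 0777);
}

/* Constructed demo: copy a 0600 file under umask 022; mode during or after copy. */
int demo(int private_create, int want_final) {
    char src[] = "/tmp/copy_src_XXXXXX", dst[64];
    struct stat st;
    int fd = mkstemp(src);                 /* mkstemp creates the file 0600 */
    if (fd < 0) return -1;
    if (write(fd, "secret\n", 7) != 7) { close(fd); unlink(src); return -1; }
    close(fd);
    snprintf(dst, sizeof dst, "%s.copy", src);
    mode_t old = umask(022);               /* assumed typical default umask */
    int mode = copy_file(src, dst, private_create);
    umask(old);
    if (mode >= 0 && want_final) mode = stat(dst, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    unlink(src); unlink(dst);
    return mode;
}

int main(void) {
    printf("in-progress mode: default %04o, private %04o\n",
           (unsigned)demo(0, 0), (unsigned)demo(1, 0));
    return 0;
}
```

Both variants end with the same final mode; only the permissions visible during the copy differ.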

It’s recommended to update the glib package ASAP.

For more details about the security issues, and other related information, refer to the CVE pages.

Ubuntu Security Advisory References:

Security Database References (CVE):

Solution:

  • This issue has been fixed in all the supported Ubuntu versions.

Run the following command to install the above updates.

$ sudo apt install --only-upgrade glib2.0
or
$ sudo apt install unattended-upgrades

The installed security fixes can be verified in the package change log using the following methods.

Using the manual method (replace "package" in the path with the name of the installed package):

$ zgrep -i "CVE-2019-12450" /usr/share/doc/package/changelog.Debian.gz

Using the debsecan command:

$ debsecan | grep CVE-2019-12450
