An update for glib2 is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1164 Final 1.0 1.0 2021-05-06 Initial 2021-05-06 2021-05-06 openEuler SA Tool V1.0 2021-05-06 glib2 security update An update for glib2 is now available for openEuler-20.03-LTS-SP1. GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fix(es): An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)(CVE-2021-28153) An update for glib2 is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium glib2 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1164 https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-28153 https://nvd.nist.gov/vuln/detail/CVE-2021-28153 openEuler-20.03-LTS-SP1 glib2-debuginfo-2.62.5-7.oe1.aarch64.rpm glib2-debugsource-2.62.5-7.oe1.aarch64.rpm glib2-devel-2.62.5-7.oe1.aarch64.rpm glib2-2.62.5-7.oe1.aarch64.rpm glib2-help-2.62.5-7.oe1.noarch.rpm glib2-2.62.5-7.oe1.src.rpm glib2-debuginfo-2.62.5-7.oe1.x86_64.rpm glib2-devel-2.62.5-7.oe1.x86_64.rpm glib2-2.62.5-7.oe1.x86_64.rpm glib2-debugsource-2.62.5-7.oe1.x86_64.rpm An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) 2021-05-06 CVE-2021-28153 openEuler-20.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N glib2 security update 2021-05-06 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1164