|
|
Log in / Subscribe / Register

Ubuntu alert USN-7971-1 (glib2.0)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7971-1] GLib vulnerability


Date:
              Wed, 21 Jan 2026 17:24:12 +0000


Message-ID:
              <E1vibwC-0003Ka-K4@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7971-1
January 21, 2026

glib2.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

GLib could be made to crash or run programs if it received specially
crafted input.

Software Description:
- glib2.0: GLib library of C routines

Details:

It was discovered that GLib incorrectly handled the buffered input stream
API. An attacker could use this issue to cause GLib to crash, resulting in
a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libglib2.0-0t64                 2.86.0-2ubuntu0.2
  libglib2.0-bin                  2.86.0-2ubuntu0.2

Ubuntu 24.04 LTS
  libglib2.0-0t64                 2.80.0-6ubuntu3.7
  libglib2.0-bin                  2.80.0-6ubuntu3.7

Ubuntu 22.04 LTS
  libglib2.0-0                    2.72.4-0ubuntu2.8
  libglib2.0-bin                  2.72.4-0ubuntu2.8

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7971-1
  CVE-2026-0988

Package Information:
  https://launchpad.net/ubuntu/+source/glib2.0/2.86.0-2ubun...
  https://launchpad.net/ubuntu/+source/glib2.0/2.80.0-6ubun...
  https://launchpad.net/ubuntu/+source/glib2.0/2.72.4-0ubun...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmlxC6wACgkQcpJm3tlz
hgGonA/8C41XcU8/Rh1Fs6x5MkhojbwazqBFefhs4Ds+vM0G41ts+ryF+detm5xY
auNAyitK8GbLTsiiJ5VX/xTrXzGfITSymIGM6TApZFMjnZkoMo9vR6woOGRzQJZF
CS6WvlGm2fjLtI73Xg9moOFvWAolOQGcRqwYdPoxAnhzlvMWy68aTNzPEEi9TWru
Ek+uvpQFDwkndh/8oO2UbUbJVsXFo7S8kJOg8iuwUOdWM58Wlw8kysbtYhlCe/8b
GxMmrKewVMsrszU6eAAsJd9DlcB7Xq9lblYBcd6U+l7DqRN6PQCUgsh//YOGWgZk
F3CPd3w8musN+G1rrqxS52IA7v+LYw+/uNpZucA2u2OVk8xXo9sWRNMUUaGuxlp4
2ez6syc6OkleRwkzyPxKaxfxTMbJtbq0UFIl9ORzqAynvIJvXwESlooss4bqJAKQ
gBxUGx/SRiAzylLUNcWWbwR04Y3AeNQ3UeUTVbIgG4SCACQBcdmcW9gUPCY10BWc
9SEnxp/vtfpw8kF41hgf9CQQypEIOa0ONZAxVqDjBATmJoIBxKVmvHG/1JERs0nB
3Q4UGO6peumHRRqSwTLi+enSbGskzkz7dntlNL5lWq82YQW/+EDQOw+oawLy3yaa
qT3br7ZSZmOMhLhbrKpljtM2ehCsxSuxLd4pa8396bhTD6JzUXE=
=qgz7
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds