Mageia alert MGASA-2026-0023 (glib2.0)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2026-0023: Updated glib2.0 packages fix security vulnerabilities | |
| Date: | Wed, 28 Jan 2026 23:42:54 +0100 | |
| Message-ID: | <20260128224254.9ACC99F8BE@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2026-0023 - Updated glib2.0 packages fix security vulnerabilities Publication date: 28 Jan 2026 URL: https://advisories.mageia.org/MGASA-2026-0023.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-3360, CVE-2025-7039, CVE-2025-13601, CVE-2025-14087, CVE-2025-14512, CVE-2026-0988 Description: Glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601(). (CVE-2025-3360) Buffer under-read on glib through glib/gfileutils.c via get_tmp_file(). (CVE-2025-7039) Integer overflow in in g_escape_uri_string(). (CVE-2025-13601) Buffer underflow in gvariant parser leads to heap corruption. (CVE-2025-14087) Integer overflow in glib gio attribute escaping causes heap buffer overflow. (CVE-2025-14512) Denial of service via integer overflow in g_buffered_input_stream_peek(). (CVE-2026-0988) References: - https://bugs.mageia.org/show_bug.cgi?id=35052 - https://ubuntu.com/security/notices/USN-7971-1 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988 SRPMS: - 9/core/glib2.0-2.76.3-1.6.mga9