Debian alert DLA-4491-1 (glib2.0)
| From: | Andreas Henriksson <andreas@fatal.se> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4491-1] glib2.0 security update | |
| Date: | Mon, 23 Feb 2026 12:10:30 +0100 | |
| Message-ID: | <scfdkbutc2opqavzoalnyzzjwscatunq4lsmezxxhppxenghud@dbzwmi376cep> |
------------------------------------------------------------------------- Debian LTS Advisory DLA-4491-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Andreas Henriksson February 23, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : glib2.0 Version : 2.66.8-1+deb11u8 CVE ID : CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 Debian Bug : 1125752 1126549 1126550 1126551 Multiple issues were found in GLib, a general-purpose, portable utility library, that could lead to denial of service, memory corruption or potentially arbitrary code execution if maliciously crafted data is processed. CVE-2026-0988 Codean Labs found missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS). CVE-2026-1484 treeplus with additional thanks to Sovereign Tech Resilience program of the Sovereign Tech Agency found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably. CVE-2026-1485 treeplus with additonal thanks to Sovereign Tech Resilience program of the Sovereign Tech Agency found a flaw in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability. CVE-2026-1489 treeplus with additional thanks to Sovereign Tech Resilience program of the Sovereign Tech Agency found a flaw n GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable. For Debian 11 bullseye, these problems have been fixed in version 2.66.8-1+deb11u8. We recommend that you upgrade your glib2.0 packages. For the detailed security status of glib2.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glib2.0 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAmmcNaMACgkQC8R9xk0T UwYBvQ/6AsnabZLL4VUVd+1/fhQAETm6Yytk4kNAoT7WkXAeOaLceudutsnmsWdl 5jMUnNucgPX+Vah6Valzh3ERiflZ3mDnAqw5kf4IgaMIShzJ2TbIN8pL+efPy0O2 fmtNgFU6iQMRAuBo+t2YpJ0TyaagF6p2CqJ0Xc6zaREwOOeQDPdRqRzk6igRoG4b /fmlB6hBIqu5yIv3ryODp4p+E+3wSEdw+uZebiHdnmzbigNc98LPuRgTkkThrRcw cmhLsLzkLpW6YRNLdm6l/VaCmoPIDAoHznw5Db3yHBgGVk7dfWOUe+mP8ySF0iQl sjj+VYs4c47o4UvBAFCCSmQCVB2KQ2IW8ysoTwQpUEOOUHIMZB0G0b5IxJiLLg26 X5KrjSE2af8mw0nOCC0DF0Xg286UoJtN2dcawRJ0LYDvWm51s/L3LdCsrP13zUye kwYV0DYpuV/p38ViCRZK1ZH9VEbN/03cL8iX+OURcd8xNj6qlRD/vwwR3e3jBWKR uNE65xaWLUIEKGFXAkMSO9YWTwdUD2qfTWDzdGuJ0KOsYbDviaE5+xeNGUOnAuUM nDPU+jE1XTLvED3LyPTNgjcuCCIe/Y6/gAa1/wt/EzhkMhOOUWFG8Nj4oSSTFKI9 /2gQAYtNaabW/mkTQDGnu1k7FgdSnDNBSLIgfyouHiH2Mgs0f3k= =/vae -----END PGP SIGNATURE-----