Updated: 2023-11-07 19:24:56.474494
Description:
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | MEDIUM | 5.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | glib2 | 2.28.8 | 5.3 | MEDIUM | Released | CLSA-2021:1623075923 | 2022-05-05 12:00:26 |
| CentOS 7 ELS | glib2 | 2.56.1 | 5.3 | MEDIUM | Ignored | 2023-09-19 09:30:31 | |
| CentOS 8.4 ELS | glib2 | 2.56.4-10 | 5.3 | MEDIUM | Released | CLSA-2022:1645466687 | 2022-02-21 17:54:42 |
| CentOS 8.5 ELS | glib2 | 2.56.4-156 | 5.3 | MEDIUM | Not Vulnerable | 2022-02-14 17:48:07 | |
| CloudLinux 6 ELS | glib2 | 2.28.8 | 5.3 | MEDIUM | Released | 2021-11-02 14:03:16 | |
| Oracle Linux 6 ELS | glib2 | 2.28.8 | 5.3 | MEDIUM | Released | CLSA-2021:1634922588 | 2021-11-02 14:03:16 |
| Ubuntu 16.04 ELS | glib2.0 | 2.48.2-0 | 5.3 | MEDIUM | Not Vulnerable | 2021-11-02 14:03:16 | |
| Ubuntu 18.04 ELS | glib2.0 | 2.56.4-0 | 5.3 | MEDIUM | Already Fixed | 2023-06-02 09:09:55 |