A vulnerability has been discovered in GLib, which can lead to privilege escalation.
Package | dev-libs/glib on all architectures |
---|---|
Affected versions | < 2.78.6 |
Unaffected versions | >= 2.78.6 |
GLib is a library providing a number of GNOME's core objects and functions.
A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details.
When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager or logind on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
There is no known workaround at this time.
All GLib users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.78.6"
Release date
June 22, 2024
Latest revision
June 22, 2024: 1
Severity
high
Exploitable
local
Bugzilla entries