Important: glib2

Issue Overview:

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. (CVE-2018-16428)

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). (CVE-2018-16429)

Affected Packages:

glib2

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update glib2 to update your system.

New Packages:

aarch64:  
    glib2-2.56.1-9.amzn2.0.3.aarch64  
    glib2-devel-2.56.1-9.amzn2.0.3.aarch64  
    glib2-fam-2.56.1-9.amzn2.0.3.aarch64  
    glib2-static-2.56.1-9.amzn2.0.3.aarch64  
    glib2-tests-2.56.1-9.amzn2.0.3.aarch64  
    glib2-debuginfo-2.56.1-9.amzn2.0.3.aarch64  
  
i686:  
    glib2-2.56.1-9.amzn2.0.3.i686  
    glib2-devel-2.56.1-9.amzn2.0.3.i686  
    glib2-fam-2.56.1-9.amzn2.0.3.i686  
    glib2-static-2.56.1-9.amzn2.0.3.i686  
    glib2-tests-2.56.1-9.amzn2.0.3.i686  
    glib2-debuginfo-2.56.1-9.amzn2.0.3.i686  
  
noarch:  
    glib2-doc-2.56.1-9.amzn2.0.3.noarch  
  
src:  
    glib2-2.56.1-9.amzn2.0.3.src  
  
x86_64:  
    glib2-2.56.1-9.amzn2.0.3.x86_64  
    glib2-devel-2.56.1-9.amzn2.0.3.x86_64  
    glib2-fam-2.56.1-9.amzn2.0.3.x86_64  
    glib2-static-2.56.1-9.amzn2.0.3.x86_64  
    glib2-tests-2.56.1-9.amzn2.0.3.x86_64  
    glib2-debuginfo-2.56.1-9.amzn2.0.3.x86_64  

Additional References

Red Hat: CVE-2018-16428, CVE-2018-16429

Mitre: CVE-2018-16428, CVE-2018-16429