Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2020:3978
HistoryOct 20, 2020 - 6:07 p.m.

glib2, ibus security update

2020-10-2018:07:15
CentOS Project
lists.centos.org
318

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.1%

JSON

CentOS Errata and Security Advisory CESA-2020:3978

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

The Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems.

Security Fix(es):

  • glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450)

  • ibus: missing authorization allows local attacker to access the input bus of another user (CVE-2019-14822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032782.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032801.html

Affected packages:
glib2
glib2-devel
glib2-doc
glib2-fam
glib2-static
glib2-tests
ibus
ibus-devel
ibus-devel-docs
ibus-gtk2
ibus-gtk3
ibus-libs
ibus-pygtk2
ibus-setup

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:3978

Related

nessus 64
oraclelinux 3
redhat 8
redhatcve 3
openvas 38
fedora 4
suse 3
mageia 2
almalinux 1
debian 4
ubuntu 4
prion 3
osv 6
cve 3
debiancve 3
ubuntucve 3
cbl_mariner 2
veracode 2
f5 2
amazon 5
cloudfoundry 1
ibm 5
alpinelinux 1
photon 6
oracle 1
nessus
nessus
Oracle Linux 7 : glib2 / and / ibus (ELSA-2020-3978)
2020-10-07 00:00:00
CentOS 7 : glib2 and ibus (CESA-2020:3978)
2020-10-20 00:00:00
Scientific Linux Security Update : glib2 and ibus on SL7.x x86_64 (20201001)
2020-10-21 00:00:00
oraclelinux
oraclelinux
glib2 and ibus security and bug fix update
2020-10-06 00:00:00
glib2 security, bug fix, and enhancement update
2019-11-14 00:00:00
ibus and glib2 security and bug fix update
2020-05-05 00:00:00
redhat
redhat
(RHSA-2020:3978) Moderate: glib2 and ibus security and bug fix update
2020-09-29 07:48:16
(RHSA-2020:1880) Moderate: ibus and glib2 security and bug fix update
2020-04-28 09:26:53
(RHSA-2019:3530) Moderate: glib2 security, bug fix, and enhancement update
2019-11-05 17:56:44
redhatcve
redhatcve
CVE-2019-14822
2019-09-13 07:51:28
CVE-2019-12450
2019-12-29 21:44:45
CVE-2019-13012
2019-07-10 10:51:48
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:2389-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for ibus (EulerOS-SA-2020-1855)
2020-08-31 00:00:00
Huawei EulerOS: Security Advisory for ibus (EulerOS-SA-2021-1483)
2021-03-05 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: ibus-1.5.20-5.fc30
2019-09-25 01:08:28
[SECURITY] Fedora 29 Update: ibus-1.5.19-17.fc29
2019-09-29 02:22:59
[SECURITY] Fedora 31 Update: ibus-1.5.21-2.fc31
2019-09-18 00:07:07
suse
suse
Security update for ibus (important)
2019-09-26 00:00:00
Security update for ibus (important)
2019-09-24 00:00:00
Security update for glib2 (important)
2019-06-27 00:00:00
mageia
mageia
Updated ibus packages fix security vulnerability
2019-09-21 14:07:28
Updated glib2.0 packages fix security vulnerability
2019-11-30 16:06:06
almalinux
almalinux
Moderate: ibus and glib2 security and bug fix update
2020-04-28 09:26:53
debian
debian
[SECURITY] [DSA 4525-1] ibus security update
2019-09-18 21:02:42
[SECURITY] [DLA 1826-1] glib2.0 security update
2019-06-18 20:47:44
[SECURITY] [DSA 4525-1] ibus security update
2019-09-18 21:02:42
ubuntu
ubuntu
IBus vulnerability
2019-09-16 00:00:00
IBus vulnerability
2020-03-24 00:00:00
GLib vulnerability
2019-06-10 00:00:00
prion
prion
Input validation
2019-11-25 12:15:00
Default credentials
2019-05-29 17:29:00
Null pointer dereference
2019-06-28 15:15:00
osv
osv
ibus - security update
2019-09-18 00:00:00
CVE-2019-14822
2019-11-25 12:15:11
CVE-2019-12450
2019-05-29 17:29:00
cve
cve
CVE-2019-14822
2019-11-25 12:15:00
CVE-2019-12450
2019-05-29 17:29:00
CVE-2019-13012
2019-06-28 15:15:00
debiancve
debiancve
CVE-2019-14822
2019-11-25 12:15:00
CVE-2019-12450
2019-05-29 17:29:00
CVE-2019-13012
2019-06-28 15:15:00
ubuntucve
ubuntucve
CVE-2019-12450
2019-05-29 00:00:00
CVE-2019-14822
2019-09-13 00:00:00
CVE-2019-13012
2019-06-28 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-12450 affecting package glib 2.58.0-10
2020-09-09 06:09:08
CVE-2019-12450 affecting package glib 2.60.1-5
2022-04-09 06:51:45
veracode
veracode
Insecure Access Controls
2020-10-01 03:51:33
Insecure File Permissions
2019-11-06 00:21:01
f5
f5
K70949911 : Glib vulnerability CVE-2019-14822
2022-08-26 00:00:00
K18407453 : Glib vulnerabilities CVE-2018-10767, CVE-2019-12450, and CVE-2019-19126
2022-04-25 00:00:00
amazon
amazon
Medium: ibus
2020-11-09 17:10:00
Medium: glib2
2020-11-09 17:10:00
Medium: glib2
2019-09-13 23:17:00
cloudfoundry
cloudfoundry
USN-4014-1: GLib vulnerability | Cloud Foundry
2019-06-18 00:00:00
ibm
ibm
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2019-12450)
2021-08-04 17:37:31
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2019-12450)
2021-08-04 17:56:39
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2021-02-02 22:11:04
alpinelinux
alpinelinux
CVE-2019-12450
2019-05-29 17:29:00
photon
photon
Critical Photon OS Security Update - PHSA-2019-0018
2019-06-12 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0018
2019-06-12 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0237
2019-06-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.1%

JSON
Related for CESA-2020:3978
nessus64oraclelinux3redhat8redhatcve3openvas38fedora4suse3mageia2almalinux1debian4ubuntu4prion3osv6cve3debiancve3ubuntucve3cbl_mariner2veracode2f52amazon5cloudfoundry1ibm5alpinelinux1photon6oracle1