Security update for glib2
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if
the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Alynx Zhou (AZhou)
Fixed bugs
bnc#1182328
VUL-0: CVE-2021-27218: glib2: length truncation when g_byte_array_new_take() is called with a buffer of 4GB or more on 64-bit
bnc#1182362
VUL-0: CVE-2021-27219: glib2: integer overflow in g_bytes_new due to an implicit cast from 64 bits to 32 bits
