glib-2.60.4 (CVE-2019-12450)

[Bruce Dubbs]

New point version.

[Bruce Dubbs]

Overview of changes in GLib 2.60.3

• Various fixes to small key/value support in GHashTable

• Bugs fixed:
  • #1747 Critical in g_socket_client_async_connect_complete
  • #1749 New GHashTable implementation confuses valgrind
  • #1759 test_month_names: assertion failed
  • #1771 GNetworkAddressAddressEnumerator unsafely modifies cache in GNetworkAddress
  • #1774 Leaks in gsocketclient.c connection code
  • #1776 glib/date test fails
  • #1780 GDB pretty-printer for GHashTable no longer works
  • !815 Merge branch 'wip/tingping/socketclient-cancel-2' into 'master'
  • !816 Backport !814 “gschema.dtd: Add target attribute to alias” to glib-2-60
  • !826 Backport !824 “gsocketclient: Fix a leak in the connection code” to glib-2-60
  • !829 Backport !828 “build: Fix a typo in the test whether _NL_ABALTMON_n is supported” to glib-2-60
  • !834 Backport !823 "gnetworkaddress: Fix parallel enumerations interfering with eachother" to glib-2-60
  • !838 Backport !835 “Fix typo in German translation” to glib-2-60
  • !841 Backport !839 “tests: Update month name check for Greek locale” to glib-2-60
  • !844 Backport !840 “ghash: Disable small-arrays under valgrind” to glib-2-60
  • !846 Backport !845 “Fixing g_format_size_full() on Windows-x64” to glib-2-60
  • !855 Backport !848 (more GHashTable fixes) to glib-2-60
  • !858 Backport !852 “Update gdb pretty-printer for GHashTable” to glib-2-60

• Translation updates

[Douglas R. Reno]

Heads up, this was just upgraded to 2.60.4

News
====

* Fixes to improved network status detection with NetworkManager (#1788)

* Leak fixes to some `glib-genmarshal` generated code (#1793)

* Further fixes to the Happy Eyeballs (RFC 8305) implementation (!865)

* File system permissions fix to clamp down permissions in a small time window
  when copying files (CVE-2019-12450, !876)

* Bugs fixed:
 - #1755 Please revert #535 gmacros: Try to use the standard __func__ first in G_STRFUNC
 - #1788 GNetworkMonitor claims I am offline
 - #1792 glib-genmarshal generated valist marshal does not respect static scope for some types
 - #1793 glib-genmarshal generates wrong code for va marshaler for VARIANT type
 - #1795 Fix mingw32 CI on older branches
 - !865 gnetworkaddress: fix "happy eyeballs" logic
 - !878 Backport !876 “gfile: Limit access to files when copying” to glib-2-60

From the United States National Vulnerability Database:

Current Description

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Source:  MITRE
Description Last Modified:  05/29/2019
View Analysis Description
Impact
CVSS v3.0 Severity and Metrics:

Base Score: 9.8 CRITICAL
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (V3 legend)
Impact Score: 5.9
Exploitability Score: 3.9

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2.0 Severity and Metrics:

Base Score: 7.5 HIGH
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) (V2 legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0

Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial

Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

Under CVSSv3, it's marked as 9.8 CRITICAL. That's out of 10.

As a result, I'm promoting this to Highest priority.

[Douglas R. Reno]

Fixed at r21674

[Bruce Dubbs]

Milestone renamed