Oracle Linux: CVE-2021-27219: ELSA-2021-2170: glib2 security and bug fix update (IMPORTANT) (Multiple Advisories)
Description
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solution(s)
- oracle-linux-upgrade-glib2
- oracle-linux-upgrade-glib2-devel
- oracle-linux-upgrade-glib2-doc
- oracle-linux-upgrade-glib2-fam
- oracle-linux-upgrade-glib2-static
- oracle-linux-upgrade-glib2-tests
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center