ALAS2-2020-1553

Affecting glib2 package, versions <2.56.1-7.amzn2.0.1

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to ALAS2-2020-1553. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2019-12450: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. 1719141: CVE-2019-12450 glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress 1719141: CVE-2019-12450 glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress

Remediation

Upgrade glib2 to version or higher.

References

CVE
ALAS2-2020-1553
Snyk ID
SNYK-AMZN2-GLIB2-1039280
Published
11 Nov, 2020