RHBA-2015:2116

Affecting glib2 package, versions <0:2.42.2-5.el7

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

The GTK+ packages contain the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. This update contains a number of rebases to the latest upstream stable versions, which provides a number of bug fixes and enhancements over the previous versions. For more information on the changes, see the GNOME release notes and Red Hat Enterprise Linux 7.2 Release Notes. The orc packages have been upgraded to version 0.4.22. (BZ#1174391) The atk packages have been upgraded to version 2.14.0. (BZ#1174433) The cairo packages have been upgraded to version 1.14.2. (BZ#1174435) The pango packages have been upgraded to version 1.36.8. (BZ#1174436) The gdk-pixbuf2 packages have been upgraded to version 2.31.1. (BZ#1174438) The gobject-introspection packages have been upgraded to version 1.42.0. (BZ#1174439) The glib-networking packages have been upgraded to version 2.42.2. (BZ#1174447) The dconf packages have been upgraded to version 0.22.0. (BZ#1174448) The gtksourceview3 packages have been upgraded to version 3.14.2. (BZ#1174500) The json-glib packages have been upgraded to version 1.0.2. (BZ#1174501) The webkitgtk3 packages have been upgraded to version 2.4.9. (BZ#1174556) The glibmm24 packages have been upgraded to version 2.42.0. (BZ#1174565) The harfbuzz packages have been upgraded to version 0.9.36. (BZ#1201148) The libxklavier packages have been upgraded to version 5.4. (BZ#1202874) The glib2 packages have been upgraded to version 2.42.2. (BZ#1203755) The gtk2 packages have been upgraded to version 2.24.28. (BZ#1221171) This update also fixes the following bugs: * Previously, GTK+ was treating frame times from _NET_WM_FRAME_DRAWN and _NET_WM_FRAME_TIMINGS as local monotonic times, but they are actually extended-precision versions of the server time. This was causing rendering stalls when using GTK+ applications remotely. With this update, frame times are converted to monotonic times when the X server and client are not running on the same system, and GTK+ applications can be used remotely without rendering stalls. (BZ#1243646) * Previously, the glib2 packages were rebased to a version that deprecated the g_memmove() function. As a consequence, libgsf failed to build from source. This update replaces g_memmove() with memmove(), thus fixing this bug. (BZ#1132679) * Prior to this update, the Python plug-in for GDB did not work with the version of GDB in Red Hat Enterprise Linux 7.1. As a consequence, GDB returned error messages when debugging glib2 applications. This update applies an upstream fix to use newer GDB APIs, and the Python GDB debugging aid for glib2 applications now works as expected. (BZ#1055733) * The glib2 utility previously returned confusing warning messages when programs added GObject properties after the class was initialized. The functionality of adding a property after the class was initialized has been added back due to backward compatibility concerns, and error messages on properties thus no longer appear. (BZ#1168600) * When selecting a file in the "Add attachment" window, Evolution previously terminated unexpectedly with a segmentation fault. This update fixes the gtk_tree_row_ref_deleted() function causing this bug, and attaching a file no longer leads to a crash. (BZ#1175941) * Previously, the CUPS back end checked an incorrect port to connect to remote printers. Consequently, fetching printer information failed and the "Print" button became insensitive. This update makes sure CUPS checks the correct port, thus fixing this bug. (BZ#1221157, BZ#1154038) Users of GTK+ are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

References

CVE
RHBA-2015:2116
Snyk ID
SNYK-CENTOS7-GLIB2-556002
Published
25 Feb, 2020