[CLSA-2026:1783340548] glib2: Fix of 3 CVEs
Type:
security
Severity:
Critical
Release date:
2026-07-06 12:22:47 UTC
Description:
- CVE-2026-58014: fix off-by-one heap under-read in g_key_file_get_locale_string_list() on empty key values - CVE-2026-58015: validate cookie_context in the DBUS_COOKIE_SHA1 client to prevent path-traversal arbitrary file reads - CVE-2026-58016: fix inverted nesting guard in the D-Bus introspection XML parser (out-of-bounds read)
Updated packages:
  • glib2-2.56.1-9.amzn2.0.13.tuxcare.els2.i686.rpm
    sha:2d7aab0c6146d04873cbd53eefd1734b56615eabaceba9bbe82b1d3d4da727cc
  • glib2-2.56.1-9.amzn2.0.13.tuxcare.els2.x86_64.rpm
    sha:0d7220313d53e7ef9d51e075def59869981fdaf6a0a0958663cfba85fff07634
  • glib2-devel-2.56.1-9.amzn2.0.13.tuxcare.els2.x86_64.rpm
    sha:81f718d4b2a9b33e57e3d6682f47f1b5dc4cbb0e6f60940eb437aa9940442831
  • glib2-doc-2.56.1-9.amzn2.0.13.tuxcare.els2.noarch.rpm
    sha:a1496e9844497ea69adc017d198a685ce30670a15628aebad8ac8f193759cc69
  • glib2-fam-2.56.1-9.amzn2.0.13.tuxcare.els2.x86_64.rpm
    sha:f0a9e3c0e0aadd1e7f06c64b91d0fa2a2ce3ac83b3465d27bbd2eaebac93aaea
  • glib2-static-2.56.1-9.amzn2.0.13.tuxcare.els2.x86_64.rpm
    sha:f920fbc5d2ebf82543a9f3c18dc7ce16b020ad63c6e94a2e019b045e2d07fd22
  • glib2-tests-2.56.1-9.amzn2.0.13.tuxcare.els2.x86_64.rpm
    sha:9114fafd048b142d0373080bb3547dda62f1c8e5c272b687558002acc85f3698
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.