Pardus: Glib2: Integer Overflow
Posted by Benjamin D. Thomas   
Some vulnerabilities have been reported in GLib, which can potentially be exploited by malicious people to compromise an application using the library.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-40            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-03-25
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported in GLib, which can  potentially
be exploited by malicious people to compromise an application using the
library.


Description
===========

The vulnerabilities are caused due  to  integer  overflows  within  the
"g_base64_encode()" and "g_base64_decode()" functions in glib/base64.c.
This can be exploited to cause a heap-based  buffer  overflow  by  e.g.
tricking an application using the library  into  encoding  or  decoding
specially crafted input.
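To show the class of defect the advisory describes, here is an added illustration (not code from glib/base64.c; the size formula is assumed for the example): an unchecked base64 output-length computation wraps for very large inputs and yields an undersized heap buffer, while the checked form rejects such input before any allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Output-size computation of the shape many base64 encoders use (assumed
 * here for illustration, not quoted from glib): every 3 input bytes become
 * 4 output bytes, plus slack for padding, line breaks and the NUL.
 * For a huge len the multiplication wraps modulo SIZE_MAX+1, so a buffer
 * allocated from this value is far too small and the encoder then writes
 * past its end: the heap-based overflow the advisory refers to. */
static size_t encoded_size_unchecked(size_t len)
{
    return (len / 3 + 1) * 4 + 4;
}

/* Hardened form: refuse an input whose expansion cannot be represented in
 * size_t. Returns 0 on overflow (a valid result is always >= 8). */
static size_t encoded_size_checked(size_t len)
{
    size_t blocks = len / 3 + 1;        /* len/3 < SIZE_MAX, cannot wrap */
    if (blocks > (SIZE_MAX - 4) / 4)    /* blocks * 4 + 4 would wrap */
        return 0;
    return blocks * 4 + 4;
}

/* Sanity check a caller can apply: base64 output is always longer than its
 * input, so a computed size smaller than len proves the arithmetic wrapped. */
static int size_wrapped(size_t len)
{
    return encoded_size_unchecked(len) < len;
}

int main(void)
{
    size_t huge = SIZE_MAX - 1;   /* constructed input length */
    printf("unchecked size for %zu bytes: %zu (wrapped=%d)\n",
           huge, encoded_size_unchecked(huge), size_wrapped(huge));
    printf("checked size: %zu (0 = rejected)\n", encoded_size_checked(huge));
    printf("checked size for 3 bytes: %zu\n", encoded_size_checked(3));
    return 0;
}
```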


Affected packages:

  Pardus 2008:
    glib2, all before 2.16.5-30-12


Resolution
==========

There are update(s) for glib2. You can update them via Package  Manager
or with a single command from console:

    pisi up glib2

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=9391
  * http://www.ocert.org/advisories/ocert-2008-015.html
  * http://secunia.com/advisories/34267