------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-40 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-03-25
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
Some vulnerabilities have been reported in GLib, which can potentially
be exploited by malicious people to compromise an application using the
library.

Description
===========
The vulnerabilities are caused by integer overflows within the
"g_base64_encode()" and "g_base64_decode()" functions in glib/base64.c.
This can be exploited to cause a heap-based buffer overflow, for example
by tricking an application using the library into encoding or decoding
specially crafted input.
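
The kind of size miscalculation described above, as an added example that is not GLib's code and not part of the original advisory. It assumes a 32-bit size type (modelled with uint32_t); the function names and sample lengths are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked output-size arithmetic. uint32_t models a 32-bit size type
 * (assumption for this example). For large len, len * 4 wraps modulo
 * 2^32, so the result is far smaller than the real encoded length and
 * an encoder writing into a buffer of that size overruns the heap. */
static uint32_t b64_size_unchecked(uint32_t len)
{
    return len * 4 / 3 + 4;
}

/* Checked version: 4 output bytes per started 3-byte group, plus a NUL.
 * Returns false instead of wrapping when the size is not representable,
 * so the caller can refuse the input before allocating. */
static bool b64_size_checked(uint32_t len, uint32_t *out)
{
    uint32_t groups = len / 3 + (len % 3 != 0);

    if (groups > (UINT32_MAX - 1) / 4)
        return false;
    *out = groups * 4 + 1;
    return true;
}

int main(void)
{
    /* Constructed sample lengths, not taken from the advisory. */
    const uint32_t samples[] = { 3, 0x40000001u, UINT32_MAX };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t need = 0;
        bool ok = b64_size_checked(samples[i], &need);

        printf("len=%lu unchecked=%lu ", (unsigned long)samples[i],
               (unsigned long)b64_size_unchecked(samples[i]));
        if (ok)
            printf("checked=%lu\n", (unsigned long)need);
        else
            printf("checked=rejected (size overflows)\n");
    }
    return 0;
}
```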

Affected packages:

  Pardus 2008:
    glib2, all before 2.16.5-30-12

Resolution
==========
Updates are available for glib2. You can install them via Package Manager
or with a single command from the console:

  pisi up glib2

References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=9391
* http://www.ocert.org/advisories/ocert-2008-015.html
* http://secunia.com/advisories/34267