CVE-2021-28153

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
gnomeglib
𝑥
< 2.66.8
broadcombrocade_fabric_operating_system_firmware
-
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glib2.0
bookworm
2.74.6-2+deb12u3
fixed
bookworm (security)
2.74.6-2+deb12u2
fixed
bullseye
2.66.8-1+deb11u4
fixed
bullseye (security)
2.66.8-1+deb11u3
fixed
sid
2.82.2-2
fixed
trixie
2.82.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glib2.0
bionic
Fixed 2.56.4-0ubuntu0.18.04.8
released
focal
Fixed 2.64.6-1~ubuntu20.04.3
released
groovy
Fixed 2.66.1-2ubuntu0.2
released
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needed
xenial
Fixed 2.48.2-0ubuntu4.8
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
glib2-devel
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
glib2-lang
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
glib2-tools
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libgio-2_0-0
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libgio-2_0-0-32bit
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libglib-2_0-0
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libglib-2_0-0-32bit
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libgmodule-2_0-0
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libgmodule-2_0-0-32bit
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libgobject-2_0-0
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libgobject-2_0-0-32bit
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libgthread-2_0-0
suse enterprise desktop 15 SP3
2.62.6-150200.3.9.1
fixed
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise sap 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise sap 15 SP3
2.62.6-150200.3.10.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 15 SP1
2.54.3-150000.4.29.1
fixed
suse enterprise server 15 SP2
2.62.6-150200.3.10.1
fixed
suse enterprise server 15 SP3
2.62.6-150200.3.10.1
fixed
libgthread-2_0-0-32bit
suse enterprise sap 12 SP5
2.48.2-12.28.1
fixed
suse enterprise server 12 SP2
2.48.2-12.28.1
fixed
suse enterprise server 12 SP3
2.48.2-12.28.1
fixed
suse enterprise server 12 SP4
2.48.2-12.28.1
fixed
suse enterprise server 12 SP5
2.48.2-12.28.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
glib2
RHEL 8
0:2.56.4-156.el8
fixed
glib2-devel
RHEL 8
0:2.56.4-156.el8
fixed
glib2-doc
RHEL 8
0:2.56.4-156.el8
fixed
glib2-fam
RHEL 8
0:2.56.4-156.el8
fixed
glib2-static
RHEL 8
0:2.56.4-156.el8
fixed
glib2-tests
RHEL 8
0:2.56.4-156.el8
fixed
mingw32-glib2
RHEL 9
0:2.70.1-2.el9
fixed
mingw32-glib2-static
RHEL 9
0:2.70.1-2.el9
fixed
mingw64-glib2
RHEL 9
0:2.70.1-2.el9
fixed
mingw64-glib2-static
RHEL 9
0:2.70.1-2.el9
fixed
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/glib/-/issues/2325
https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/
https://security.gentoo.org/glsa/202107-13
https://security.netapp.com/advisory/ntap-20210416-0003/
https://gitlab.gnome.org/GNOME/glib/-/issues/2325
https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/
https://security.gentoo.org/glsa/202107-13
https://security.netapp.com/advisory/ntap-20210416-0003/