Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2020-1654)

The remote host is missing an update for the Huawei EulerOS 'glib2' package(s) announced via the EulerOS-SA-2020-1654 advisory.

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.<pipe>([^\\\\W_])?)+)+$/.(CVE-2015-3217) Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.(CVE-2015-5073) The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-dir, NULL, NULL) and files using g_file_replace_contents (kfsb-file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used, for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012) file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.(CVE-2019-12450)

'glib2' package(s) on Huawei EulerOS V2.0SP2.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).