SUSE update for glib2



Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-52533
CWE-ID CWE-193
Exploitation vector Network
Public exploit N/A
Vulnerable software
SUSE Linux Enterprise Server 12 SP5 LTSS Extended
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12 SP5
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

glib2-devel
Operating systems & Components / Operating system package or component

glib2-devel-debuginfo
Operating systems & Components / Operating system package or component

libgobject-2_0-0-debuginfo-32bit
Operating systems & Components / Operating system package or component

libgio-2_0-0-debuginfo-32bit
Operating systems & Components / Operating system package or component

libgmodule-2_0-0-32bit
Operating systems & Components / Operating system package or component

libgthread-2_0-0-32bit
Operating systems & Components / Operating system package or component

libgobject-2_0-0-32bit
Operating systems & Components / Operating system package or component

libgthread-2_0-0-debuginfo-32bit
Operating systems & Components / Operating system package or component

libgmodule-2_0-0-debuginfo-32bit
Operating systems & Components / Operating system package or component

libglib-2_0-0-32bit
Operating systems & Components / Operating system package or component

libglib-2_0-0-debuginfo-32bit
Operating systems & Components / Operating system package or component

libgio-2_0-0-32bit
Operating systems & Components / Operating system package or component

glib2-lang
Operating systems & Components / Operating system package or component

libgthread-2_0-0-debuginfo
Operating systems & Components / Operating system package or component

libglib-2_0-0-debuginfo
Operating systems & Components / Operating system package or component

libglib-2_0-0
Operating systems & Components / Operating system package or component

glib2-debugsource
Operating systems & Components / Operating system package or component

libgmodule-2_0-0-debuginfo
Operating systems & Components / Operating system package or component

glib2-tools-debuginfo
Operating systems & Components / Operating system package or component

libgmodule-2_0-0
Operating systems & Components / Operating system package or component

libgio-2_0-0-debuginfo
Operating systems & Components / Operating system package or component

libgobject-2_0-0
Operating systems & Components / Operating system package or component

libgio-2_0-0
Operating systems & Components / Operating system package or component

glib2-tools
Operating systems & Components / Operating system package or component

libgthread-2_0-0
Operating systems & Components / Operating system package or component

libgobject-2_0-0-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Off-by-one

EUVDB-ID: #VU100566

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-52533

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error in gio/gsocks4aproxy.c when handling responses from SOCKS4 proxy. A remote attacker can trick the victim into connecting to a malicious SOCKS4 proxy server, trigger an off-by-one error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package glib2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

glib2-devel: before 2.48.2-12.43.1

glib2-devel-debuginfo: before 2.48.2-12.43.1

libgobject-2_0-0-debuginfo-32bit: before 2.48.2-12.43.1

libgio-2_0-0-debuginfo-32bit: before 2.48.2-12.43.1

libgmodule-2_0-0-32bit: before 2.48.2-12.43.1

libgthread-2_0-0-32bit: before 2.48.2-12.43.1

libgobject-2_0-0-32bit: before 2.48.2-12.43.1

libgthread-2_0-0-debuginfo-32bit: before 2.48.2-12.43.1

libgmodule-2_0-0-debuginfo-32bit: before 2.48.2-12.43.1

libglib-2_0-0-32bit: before 2.48.2-12.43.1

libglib-2_0-0-debuginfo-32bit: before 2.48.2-12.43.1

libgio-2_0-0-32bit: before 2.48.2-12.43.1

glib2-lang: before 2.48.2-12.43.1

libgthread-2_0-0-debuginfo: before 2.48.2-12.43.1

libglib-2_0-0-debuginfo: before 2.48.2-12.43.1

libglib-2_0-0: before 2.48.2-12.43.1

glib2-debugsource: before 2.48.2-12.43.1

libgmodule-2_0-0-debuginfo: before 2.48.2-12.43.1

glib2-tools-debuginfo: before 2.48.2-12.43.1

libgmodule-2_0-0: before 2.48.2-12.43.1

libgio-2_0-0-debuginfo: before 2.48.2-12.43.1

libgobject-2_0-0: before 2.48.2-12.43.1

libgio-2_0-0: before 2.48.2-12.43.1

glib2-tools: before 2.48.2-12.43.1

libgthread-2_0-0: before 2.48.2-12.43.1

libgobject-2_0-0-debuginfo: before 2.48.2-12.43.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20244051-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###