SuSE Security Advisory SUSE-SA:2009:026 (glib2) Network Vulnerability

Summary

The remote host is missing updates announced in advisory SUSE-SA:2009:026.

Solution

Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:026

Insight

The advisory was resent because the previous one contained the wrong Announcement ID. The code library glib2 provides base64 encoding and decoding functions that are vulnerable to integer overflows when processing very large strings. Processes using this library functions for processing data from the network can be exploited remotely to execute arbitrary code with the privileges of the user running this process.

Severity

Classification

CVE CVE-2008-4316
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

SLES10: Security update for gstreamer
SLES10: Security update for compat-openssl097g
SLES10: Security update for Emacs
SLES10: Security update for curl
SLES10: Security update for libpng

Take action and discover your vulnerabilities