CVE-2021-28153
Summary
| CVE | CVE-2021-28153 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-11 22:15:00 UTC |
| Updated | 2023-11-07 03:32:00 UTC |
| Description | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 33 Update: glib2-2.66.8-1.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| CVE-2021-28153 GNOME GLib Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| file-roller symlink attack (#2325) · Issues · GNOME / GLib · GitLab | MISC | gitlab.gnome.org | Exploit, Issue Tracking, Patch, Vendor Advisory |
| GLib: Multiple vulnerabilities (GLSA 202107-13) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 33 Update: mingw-glib2-2.66.8-1.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 3044-1] glib2.0 security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 33 Update: glib2-2.66.8-1.fc33 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 33 Update: mingw-glib2-2.66.8-1.fc33 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159502 Oracle Enterprise Linux Security Update for glib2 (ELSA-2021-4385)
- 160284 Oracle Enterprise Linux Security Update for mingw-glib2 (ELSA-2022-8418)
- 179358 Debian Security Update for glib2.0 (DLA 3044-1)
- 180373 Debian Security Update for glib2.0 (CVE-2021-28153)
- 198294 Ubuntu Security Notification for Glib2.0 Vulnerability (USN-4764-1)
- 239790 Red Hat Update for glib2 (RHSA-2021:4385)
- 281326 Fedora Security Update for mingw (FEDORA-2021-5c81cb03d0)
- 281450 Fedora Security Update for glib2 (FEDORA-2021-a1f51fc418)
- 296067 Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)
- 354922 Amazon Linux Security Advisory for glib2 : ALAS-2023-1742
- 357268 Amazon Linux Security Advisory for glib2 : ALAS2-2024-2487
- 501413 Alpine Linux Security Update for glib
- 670287 EulerOS Security Update for glib2 (EulerOS-SA-2021-1789)
- 670353 EulerOS Security Update for glib2 (EulerOS-SA-2021-1871)
- 670380 EulerOS Security Update for glib2 (EulerOS-SA-2021-1945)
- 670401 EulerOS Security Update for glib2 (EulerOS-SA-2021-1924)
- 670457 EulerOS Security Update for glib2 (EulerOS-SA-2021-2215)
- 670615 EulerOS Security Update for glib2 (EulerOS-SA-2021-2373)
- 710063 Gentoo Linux GLib Multiple vulnerabilities (GLSA 202107-13)
- 752084 SUSE Enterprise Linux Security Update for glib2 (SUSE-SU-2022:1455-1)
- 752154 SUSE Enterprise Linux Security Update for glib2 (SUSE-SU-2022:1758-1)
- 752950 SUSE Enterprise Linux Security Update for glib2 (SUSE-SU-2022:1758-2)
- 753582 SUSE Enterprise Linux Security Update for glib2 (SUSE-SU-2022:1455-2)
- 755903 SUSE Enterprise Linux Security Update for glib2 (SUSE-SU-2023:0174-1)
- 900256 CBL-Mariner Linux Security Update for glib 2.58.0
- 901042 Common Base Linux Mariner (CBL-Mariner) Security Update for glib (6439-1)
- 903707 Common Base Linux Mariner (CBL-Mariner) Security Update for glib (3976)
- 940270 AlmaLinux Security Update for glib2 (ALSA-2021:4385)
- 940841 AlmaLinux Security Update for mingw-glib2 (ALSA-2022:8418)
- 960672 Rocky Linux Security Update for glib2 (RLSA-2021:4385)