{ "threat_severity" : "Moderate", "public_date" : "2024-05-07T00:00:00Z", "bugzilla" : { "description" : "glib2: Signal subscription vulnerabilities", "id" : "2279632", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2279632" }, "cvss3" : { "cvss3_base_score" : "3.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-940", "details" : [ "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-07-16T00:00:00Z", "advisory" : "RHSA-2025:11327", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "glib2-0:2.56.4-166.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2025-09-02T00:00:00Z", "advisory" : "RHSA-2025:14991", "cpe" : "cpe:/o:redhat:rhel_aus:8.2", "package" : "glib2-0:2.56.4-8.el8_2.2" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2025-09-02T00:00:00Z", "advisory" : "RHSA-2025:14990", "cpe" : "cpe:/o:redhat:rhel_aus:8.4", "package" : "glib2-0:2.56.4-10.el8_4.2" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2025-09-02T00:00:00Z", "advisory" : "RHSA-2025:14990", "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4", "package" : "glib2-0:2.56.4-10.el8_4.2" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2025-09-02T00:00:00Z", "advisory" : "RHSA-2025:14988", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "glib2-0:2.56.4-158.el8_6.2" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2025-09-02T00:00:00Z", "advisory" : "RHSA-2025:14988", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "glib2-0:2.56.4-158.el8_6.2" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2025-09-02T00:00:00Z", "advisory" : "RHSA-2025:14988", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "glib2-0:2.56.4-158.el8_6.2" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2025-09-02T00:00:00Z", "advisory" : "RHSA-2025:14989", "cpe" : "cpe:/o:redhat:rhel_tus:8.8", "package" : "glib2-0:2.56.4-162.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2025-09-02T00:00:00Z", "advisory" : "RHSA-2025:14989", "cpe" : "cpe:/o:redhat:rhel_e4s:8.8", "package" : "glib2-0:2.56.4-162.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-09-11T00:00:00Z", "advisory" : "RHBA-2024:6585", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "rhel9/toolbox:9.4-12.1725906880" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-09-11T00:00:00Z", "advisory" : "RHBA-2024:6585", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "ubi9/toolbox:9.4-12.1725906880" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-09-09T00:00:00Z", "advisory" : "RHSA-2024:6464", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "glib2-0:2.68.4-14.el9_4.1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9442", "cpe" : "cpe:/a:redhat:enterprise_linux:9::crb", "package" : "mingw-glib2-0:2.78.6-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-09-09T00:00:00Z", "advisory" : "RHSA-2024:6464", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "glib2-0:2.68.4-14.el9_4.1" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2025-07-10T00:00:00Z", "advisory" : "RHSA-2025:10780", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "glib2-0:2.68.4-7.el9_2" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-11-21T00:00:00Z", "advisory" : "RHSA-2024:10135", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-config-sync-rhel9:1.4.7-3" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-11-21T00:00:00Z", "advisory" : "RHSA-2024:10135", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-flow-collector-rhel9:1.4.7-3" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-11-21T00:00:00Z", "advisory" : "RHSA-2024:10135", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-operator-bundle:1.4.7-4" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-11-21T00:00:00Z", "advisory" : "RHSA-2024:10135", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-router-rhel9:2.4.3-7" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-11-21T00:00:00Z", "advisory" : "RHSA-2024:10135", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-service-controller-rhel9:1.4.7-3" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-11-21T00:00:00Z", "advisory" : "RHSA-2024:10135", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-site-controller-rhel9:1.4.7-3" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-09-26T00:00:00Z", "advisory" : "RHSA-2024:7213", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-config-sync-rhel9:1.4.7-2" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-09-26T00:00:00Z", "advisory" : "RHSA-2024:7213", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-flow-collector-rhel9:1.4.7-2" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-09-26T00:00:00Z", "advisory" : "RHSA-2024:7213", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-operator-bundle:1.4.7-2" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-09-26T00:00:00Z", "advisory" : "RHSA-2024:7213", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-router-rhel9:2.4.3-6" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-09-26T00:00:00Z", "advisory" : "RHSA-2024:7213", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-service-controller-rhel9:1.4.7-2" }, { "product_name" : "Service Interconnect 1.4 for RHEL 9", "release_date" : "2024-09-26T00:00:00Z", "advisory" : "RHSA-2024:7213", "cpe" : "cpe:/a:redhat:service_interconnect:1.4::el9", "package" : "service-interconnect/skupper-site-controller-rhel9:1.4.7-2" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-12-16T00:00:00Z", "advisory" : "RHSA-2024:11109", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-config-sync-rhel9:1.5.5-4" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-12-16T00:00:00Z", "advisory" : "RHSA-2024:11109", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-4" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-12-16T00:00:00Z", "advisory" : "RHSA-2024:11109", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-controller-podman-rhel9:1.5.5-4" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-12-16T00:00:00Z", "advisory" : "RHSA-2024:11109", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-flow-collector-rhel9:1.5.5-4" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-12-16T00:00:00Z", "advisory" : "RHSA-2024:11109", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-operator-bundle:1.5.5-4" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-12-16T00:00:00Z", "advisory" : "RHSA-2024:11109", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-router-rhel9:2.5.3-6" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-12-16T00:00:00Z", "advisory" : "RHSA-2024:11109", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-service-controller-rhel9:1.5.5-4" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-12-16T00:00:00Z", "advisory" : "RHSA-2024:11109", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-site-controller-rhel9:1.5.5-4" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-09-30T00:00:00Z", "advisory" : "RHSA-2024:7374", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-config-sync-rhel9:1.5.5-3" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-09-30T00:00:00Z", "advisory" : "RHSA-2024:7374", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-3" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-09-30T00:00:00Z", "advisory" : "RHSA-2024:7374", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-controller-podman-rhel9:1.5.5-3" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-09-30T00:00:00Z", "advisory" : "RHSA-2024:7374", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-flow-collector-rhel9:1.5.5-3" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-09-30T00:00:00Z", "advisory" : "RHSA-2024:7374", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-operator-bundle:1.5.5-3" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-09-30T00:00:00Z", "advisory" : "RHSA-2024:7374", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-router-rhel9:2.5.3-5" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-09-30T00:00:00Z", "advisory" : "RHSA-2024:7374", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-service-controller-rhel9:1.5.5-3" }, { "product_name" : "Service Interconnect 1 for RHEL 9", "release_date" : "2024-09-30T00:00:00Z", "advisory" : "RHSA-2024:7374", "cpe" : "cpe:/a:redhat:service_interconnect:1::el9", "package" : "service-interconnect/skupper-site-controller-rhel9:1.5.5-3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11662", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/jaeger-agent-rhel8:sha256:31e117f467424af472a05c52c52397e949cf7838bce643a3d9d24c0f57a06458" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11662", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/jaeger-all-in-one-rhel8:sha256:3b00e2fec645e140fa304e5823bcb1d0fcd1ddac7f4cbf6e9a9c0fbeaf29682d" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11662", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/jaeger-collector-rhel8:sha256:3dc773cc4a48041bfe69b516db58d2a5060059725351fc1dbcece64778a35b3a" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11662", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/jaeger-es-index-cleaner-rhel8:sha256:3d98512aaa924e0e1c9f3b5ab6b405cb4f4a3f3b5225aefa54f1b2abfbe3d769" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11662", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/jaeger-es-rollover-rhel8:sha256:1c4617b035c66b6b34e9b19f618f72a19da5fce644d79e24eb262f14c848bc81" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11662", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/jaeger-ingester-rhel8:sha256:03f466002ae14ef14dd0e82e0ab75c5287295f77598eed8aca6d1ac6aaa11928" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11662", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/jaeger-operator-bundle:sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11662", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/jaeger-query-rhel8:sha256:03f040cf94f7d8125f2e68bde45faa956dc9e70fef6307313e42af5de9bbfda0" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.6.0", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11662", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package" : "rhosdt/jaeger-rhel8-operator:sha256:6f3b7f23a515ac140bdad844d60d96fecc79835a75b1d29a70f66df737f1b50c" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "glib2", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "mingw-glib2", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "glib2", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "glib2", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "mingw-glib2", "cpe" : "cpe:/o:redhat:enterprise_linux:8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-34397\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-34397\nhttps://gitlab.gnome.org/GNOME/glib/-/issues/3268\nhttps://www.openwall.com/lists/oss-security/2024/05/07/5" ], "name" : "CVE-2024-34397", "csaw" : false }