Synopsis:          Moderate: glib2 and ibus security and bug fix update
Advisory ID:       SLSA-2020:3978-1
Issue Date:        2020-10-01
CVE Numbers:       CVE-2019-14822
                   CVE-2019-12450
--

Security Fix(es):

* glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly
restrict file permissions while a copy operation is in progress
(CVE-2019-12450)

* ibus: missing authorization allows local attacker to access the input bus
of another user (CVE-2019-14822)
--

SL7
  x86_64
    glib2-2.56.1-7.el7.i686.rpm
    ibus-libs-1.5.17-11.el7.x86_64.rpm
    ibus-libs-1.5.17-11.el7.i686.rpm
    ibus-gtk2-1.5.17-11.el7.x86_64.rpm
    ibus-gtk3-1.5.17-11.el7.i686.rpm
    ibus-gtk2-1.5.17-11.el7.i686.rpm
    ibus-gtk3-1.5.17-11.el7.x86_64.rpm
    glib2-2.56.1-7.el7.x86_64.rpm
    glib2-devel-2.56.1-7.el7.x86_64.rpm
    ibus-1.5.17-11.el7.x86_64.rpm
    glib2-devel-2.56.1-7.el7.i686.rpm
    ibus-1.5.17-11.el7.i686.rpm
    ibus-setup-1.5.17-11.el7.noarch.rpm
    glib2-debuginfo-2.56.1-7.el7.i686.rpm
    glib2-debuginfo-2.56.1-7.el7.x86_64.rpm
    ibus-debuginfo-1.5.17-11.el7.i686.rpm
    ibus-debuginfo-1.5.17-11.el7.x86_64.rpm
    glib2-fam-2.56.1-7.el7.x86_64.rpm
    glib2-static-2.56.1-7.el7.i686.rpm
    glib2-static-2.56.1-7.el7.x86_64.rpm
    glib2-tests-2.56.1-7.el7.x86_64.rpm
    ibus-devel-1.5.17-11.el7.i686.rpm
    ibus-devel-1.5.17-11.el7.x86_64.rpm
  noarch
    ibus-setup-1.5.17-11.el7.noarch.rpm
    glib2-doc-2.56.1-7.el7.noarch.rpm
    ibus-devel-docs-1.5.17-11.el7.noarch.rpm
    ibus-pygtk2-1.5.17-11.el7.noarch.rpm

- Scientific Linux Development Team