1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202402-27 ] Glade: Denial of Service

    From glsamaker@gentoo.org@21:1/5 to All on Mon Feb 19 07:20:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202402-27
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: Glade: Denial of Service
    Date: February 19, 2024
    Bugs: #747451
    ID: 202402-27

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    A vulnerability has been discovered in Glade which can lead to a denial
    of service.

    Background
    ==========

    Glade is a RAD tool to enable quick & easy development of user
    interfaces for the GTK+ toolkit (Version 3 only) and the GNOME desktop environment.

    Affected packages
    =================

    Package Vulnerable Unaffected
    -------------- ------------ ------------
    dev-util/glade < 3.38.2 >= 3.38.2

    Description
    ===========

    A vulnerability has been found in Glade which can lead to a denial of
    service when working with specific glade files.

    Impact
    ======

    A crafted file may lead to crashes in Glade.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All Glade users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/glade-3.38.2"

    References
    ==========

    [ 1 ] CVE-2020-36774
    https://nvd.nist.gov/vuln/detail/CVE-2020-36774

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202402-27

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmXS7uYACgkQFMQkOaVy +9kKDRAAzc/ayFYifF9K7Y5hkdTpaP2ou1AH7rMLWsNiC+ohpzXnRv4hBnXXrM6Z Zvc+Q1bliq6UID5jdKPCjjeG2z88L7b+gT6EW5rb8/E75zxOfGfWgC9aE4eeYxFA rksInW1bAv1mhB7M4NZyjj253BOly7XXmSv0++Mzi1e5oy6DhdqwjEUFFfC0Ey5g ZlvnZkPctN11BVh2BRpuQnQeINEAz9XpvP+TnS/XaExtA4qM0kzQP8xwTKE6KlMz LD6B3bSS41JF54qhh2wDHLU4g16QpzQSqesMjOB5EakQKjhZFkTHTh0LZ01vSoLI OGzD+Dcx8yX6+vcfKpKvBJSgOPtxobaKBLJH9Gm0xtB//qZuRVRoCCUQwT0Z+a/B juNRrZuRdEbKPrmkQrd5JHY8ho1+4t05lTGOSQ/GTZXQLWicEOUA5+PFPPga6xCH 9q9zXsE3Avs0ujaIAxP7pHvYtqLGAxZjKkTxVUeVkT76BBJUkKpHgPKzzK8SlIxa fHeXzETVzbkUloiM1e8cVUpFBnYJWG8nFh9PfYrAqD7ve5A1IvpgQru8BJmKFuer sNJaAOhZqT2xEg5ZJ5ou1Sk35y6imwRAo/G4c+KwpwVgM4hJaeP8f7VEDcArNjXc lBHpxJKF1GOKy1HXkM6PoIaei4TlO9Wo/HcheGgeV9O5MP6mtL0=
    =NKpM
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)