SUSE-SU-2026:20032-1

CVE-2025-14512: integer overflow in the GIO escape_byte_string() function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878).
CVE-2025-14087: buffer underflow in the GVariant parser bytestring_parse() and string_parse() functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
CVE-2025-13601: heap-based buffer overflow in the g_escape_uri_string() function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
CVE-2025-7039: integer overflow when creating temporary files may lead to an out-of-bounds memory access that can be used for path traversal or exposure of sensitive content in a temporary file (bsc#1249055).

Other issues fixed and changes:

Fix GFile leak in g_local_file_set_display_name during error handling.
Fix incorrect output parameter handling in closure helper of g_settings_bind_with_mapping_closures.
gfileutils: fix computation of temporary file name.
Fix GFile leak in g_local_file_set_display_name().
gthreadpool: catch pool_spawner creation failure.
gio/filenamecompleter: fix leaks.
gfilenamecompleter: fix g_object_unref() of undefined value.

References

Affected packages

SUSE:Linux Enterprise Server 16.0

glib2

Package

Name: glib2
Purl: pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.84.4-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "glib2-lang": "2.84.4-160000.1.1",
            "libglib-2_0-0": "2.84.4-160000.1.1",
            "glib2-doc": "2.84.4-160000.1.1",
            "typelib-1_0-GIRepository-3_0": "2.84.4-160000.1.1",
            "libgirepository-2_0-0": "2.84.4-160000.1.1",
            "glib2-tools": "2.84.4-160000.1.1",
            "typelib-1_0-GLib-2_0": "2.84.4-160000.1.1",
            "typelib-1_0-GModule-2_0": "2.84.4-160000.1.1",
            "libgmodule-2_0-0": "2.84.4-160000.1.1",
            "glib2-devel": "2.84.4-160000.1.1",
            "typelib-1_0-Gio-2_0": "2.84.4-160000.1.1",
            "libgio-2_0-0": "2.84.4-160000.1.1",
            "typelib-1_0-GLibUnix-2_0": "2.84.4-160000.1.1",
            "glib2-devel-static": "2.84.4-160000.1.1",
            "gio-branding-SLE": "16-160000.2.2",
            "typelib-1_0-GObject-2_0": "2.84.4-160000.1.1",
            "libgobject-2_0-0": "2.84.4-160000.1.1",
            "libgthread-2_0-0": "2.84.4-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20032-1.json"

glib2-branding-SLE

Package

Name: glib2-branding-SLE
Purl: pkg:rpm/suse/glib2-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16-160000.2.2

Ecosystem specific

{
    "binaries": [
        {
            "glib2-lang": "2.84.4-160000.1.1",
            "libglib-2_0-0": "2.84.4-160000.1.1",
            "glib2-doc": "2.84.4-160000.1.1",
            "typelib-1_0-GIRepository-3_0": "2.84.4-160000.1.1",
            "libgirepository-2_0-0": "2.84.4-160000.1.1",
            "glib2-tools": "2.84.4-160000.1.1",
            "typelib-1_0-GLib-2_0": "2.84.4-160000.1.1",
            "typelib-1_0-GModule-2_0": "2.84.4-160000.1.1",
            "libgmodule-2_0-0": "2.84.4-160000.1.1",
            "glib2-devel": "2.84.4-160000.1.1",
            "typelib-1_0-Gio-2_0": "2.84.4-160000.1.1",
            "libgio-2_0-0": "2.84.4-160000.1.1",
            "typelib-1_0-GLibUnix-2_0": "2.84.4-160000.1.1",
            "glib2-devel-static": "2.84.4-160000.1.1",
            "gio-branding-SLE": "16-160000.2.2",
            "typelib-1_0-GObject-2_0": "2.84.4-160000.1.1",
            "libgobject-2_0-0": "2.84.4-160000.1.1",
            "libgthread-2_0-0": "2.84.4-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20032-1.json"

glib2-doc

Package

Name: glib2-doc
Purl: pkg:rpm/suse/glib2-doc&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.84.4-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "glib2-lang": "2.84.4-160000.1.1",
            "libglib-2_0-0": "2.84.4-160000.1.1",
            "glib2-doc": "2.84.4-160000.1.1",
            "typelib-1_0-GIRepository-3_0": "2.84.4-160000.1.1",
            "libgirepository-2_0-0": "2.84.4-160000.1.1",
            "glib2-tools": "2.84.4-160000.1.1",
            "typelib-1_0-GLib-2_0": "2.84.4-160000.1.1",
            "typelib-1_0-GModule-2_0": "2.84.4-160000.1.1",
            "libgmodule-2_0-0": "2.84.4-160000.1.1",
            "glib2-devel": "2.84.4-160000.1.1",
            "typelib-1_0-Gio-2_0": "2.84.4-160000.1.1",
            "libgio-2_0-0": "2.84.4-160000.1.1",
            "typelib-1_0-GLibUnix-2_0": "2.84.4-160000.1.1",
            "glib2-devel-static": "2.84.4-160000.1.1",
            "gio-branding-SLE": "16-160000.2.2",
            "typelib-1_0-GObject-2_0": "2.84.4-160000.1.1",
            "libgobject-2_0-0": "2.84.4-160000.1.1",
            "libgthread-2_0-0": "2.84.4-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20032-1.json"

SUSE:Linux Enterprise Server for SAP applications 16.0

glib2

Package

Name: glib2
Purl: pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.84.4-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "glib2-lang": "2.84.4-160000.1.1",
            "libglib-2_0-0": "2.84.4-160000.1.1",
            "glib2-doc": "2.84.4-160000.1.1",
            "typelib-1_0-GIRepository-3_0": "2.84.4-160000.1.1",
            "libgirepository-2_0-0": "2.84.4-160000.1.1",
            "glib2-tools": "2.84.4-160000.1.1",
            "typelib-1_0-GLib-2_0": "2.84.4-160000.1.1",
            "typelib-1_0-GModule-2_0": "2.84.4-160000.1.1",
            "libgmodule-2_0-0": "2.84.4-160000.1.1",
            "glib2-devel": "2.84.4-160000.1.1",
            "typelib-1_0-Gio-2_0": "2.84.4-160000.1.1",
            "libgio-2_0-0": "2.84.4-160000.1.1",
            "typelib-1_0-GLibUnix-2_0": "2.84.4-160000.1.1",
            "glib2-devel-static": "2.84.4-160000.1.1",
            "gio-branding-SLE": "16-160000.2.2",
            "typelib-1_0-GObject-2_0": "2.84.4-160000.1.1",
            "libgobject-2_0-0": "2.84.4-160000.1.1",
            "libgthread-2_0-0": "2.84.4-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20032-1.json"

glib2-branding-SLE

Package

Name: glib2-branding-SLE
Purl: pkg:rpm/suse/glib2-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16-160000.2.2

Ecosystem specific

{
    "binaries": [
        {
            "glib2-lang": "2.84.4-160000.1.1",
            "libglib-2_0-0": "2.84.4-160000.1.1",
            "glib2-doc": "2.84.4-160000.1.1",
            "typelib-1_0-GIRepository-3_0": "2.84.4-160000.1.1",
            "libgirepository-2_0-0": "2.84.4-160000.1.1",
            "glib2-tools": "2.84.4-160000.1.1",
            "typelib-1_0-GLib-2_0": "2.84.4-160000.1.1",
            "typelib-1_0-GModule-2_0": "2.84.4-160000.1.1",
            "libgmodule-2_0-0": "2.84.4-160000.1.1",
            "glib2-devel": "2.84.4-160000.1.1",
            "typelib-1_0-Gio-2_0": "2.84.4-160000.1.1",
            "libgio-2_0-0": "2.84.4-160000.1.1",
            "typelib-1_0-GLibUnix-2_0": "2.84.4-160000.1.1",
            "glib2-devel-static": "2.84.4-160000.1.1",
            "gio-branding-SLE": "16-160000.2.2",
            "typelib-1_0-GObject-2_0": "2.84.4-160000.1.1",
            "libgobject-2_0-0": "2.84.4-160000.1.1",
            "libgthread-2_0-0": "2.84.4-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20032-1.json"

glib2-doc

Package

Name: glib2-doc
Purl: pkg:rpm/suse/glib2-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.84.4-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "glib2-lang": "2.84.4-160000.1.1",
            "libglib-2_0-0": "2.84.4-160000.1.1",
            "glib2-doc": "2.84.4-160000.1.1",
            "typelib-1_0-GIRepository-3_0": "2.84.4-160000.1.1",
            "libgirepository-2_0-0": "2.84.4-160000.1.1",
            "glib2-tools": "2.84.4-160000.1.1",
            "typelib-1_0-GLib-2_0": "2.84.4-160000.1.1",
            "typelib-1_0-GModule-2_0": "2.84.4-160000.1.1",
            "libgmodule-2_0-0": "2.84.4-160000.1.1",
            "glib2-devel": "2.84.4-160000.1.1",
            "typelib-1_0-Gio-2_0": "2.84.4-160000.1.1",
            "libgio-2_0-0": "2.84.4-160000.1.1",
            "typelib-1_0-GLibUnix-2_0": "2.84.4-160000.1.1",
            "glib2-devel-static": "2.84.4-160000.1.1",
            "gio-branding-SLE": "16-160000.2.2",
            "typelib-1_0-GObject-2_0": "2.84.4-160000.1.1",
            "libgobject-2_0-0": "2.84.4-160000.1.1",
            "libgthread-2_0-0": "2.84.4-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20032-1.json"