It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.
{ "binaries": [ { "binary_version": "2.48.2-1~ubuntu16.04.2", "binary_name": "glib-networking" }, { "binary_version": "2.48.2-1~ubuntu16.04.2", "binary_name": "glib-networking-common" }, { "binary_version": "2.48.2-1~ubuntu16.04.2", "binary_name": "glib-networking-services" }, { "binary_version": "2.48.2-1~ubuntu16.04.2", "binary_name": "glib-networking-tests" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "2.56.0-1ubuntu0.1", "binary_name": "glib-networking" }, { "binary_version": "2.56.0-1ubuntu0.1", "binary_name": "glib-networking-common" }, { "binary_version": "2.56.0-1ubuntu0.1", "binary_name": "glib-networking-services" }, { "binary_version": "2.56.0-1ubuntu0.1", "binary_name": "glib-networking-tests" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "2.64.2-1ubuntu0.1", "binary_name": "glib-networking" }, { "binary_version": "2.64.2-1ubuntu0.1", "binary_name": "glib-networking-common" }, { "binary_version": "2.64.2-1ubuntu0.1", "binary_name": "glib-networking-services" }, { "binary_version": "2.64.2-1ubuntu0.1", "binary_name": "glib-networking-tests" } ], "availability": "No subscription required" }