Hi Guys,
Good day to all.
This is regarding patching. From Rapid7, the below vulnerability is showing on CentOS 7.9.2009:
Vulnerable Package : glib2-debuginfo - version 2.56.1-5.el7 is installed
Vulnerability Description :
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
I have tried to do yum update, but all are up to date, even the repos as well.
Can you help with it?
Vulnerable Package : glib2-debuginfo - version 2.56.1-5.el7
Re: Vulnerable Package : glib2-debuginfo - version 2.56.1-5.el7
Well it's incredibly unlikely that the problem would be in the debuginfo package. However, the glib2 package is built from the same source and the debuginfo package is just a spin-off from that build. The rpm changelog says
* Thu May 14 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.1-7
- Backport patch to limit access to files when copying (CVE-2019-12450)
Resolves: #1722099
* Wed Apr 15 2020 Jens Petersen <petersen@redhat.com> - 2.56.1-6
- Backport patches for GDBus auth
Resolves: #1777221
And the first one there looks like the thing you are talking about.
CentOS 6 died in November 2020 - migrate to a new version!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
Re: Vulnerable Package : glib2-debuginfo - version 2.56.1-5.el7
Hello TrevorH,
Thanks for the reply.
Can you please suggest how to remediate this vulnerability?
Regards,
Suresh
TrevorH wrote: ↑2020/11/16 11:11:04
Well it's incredibly unlikely that the problem would be in the debuginfo package. However, the glib2 package is built from the same source and the debuginfo package is just a spin-off from that build. The rpm changelog says
* Thu May 14 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.1-7
- Backport patch to limit access to files when copying (CVE-2019-12450)
Resolves: #1722099
* Wed Apr 15 2020 Jens Petersen <petersen@redhat.com> - 2.56.1-6
- Backport patches for GDBus auth
Resolves: #1777221
And the first one there looks like the thing you are talking about.
Re: Vulnerable Package : glib2-debuginfo - version 2.56.1-5.el7
The changelog says it's already fixed as far as I can see so it's not a vulnerability, it's a false detection.
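Added example, not part of the thread: a shell check that reads RPM changelog text, finds the entry naming a CVE, and compares a package's version-release against it, which is the comparison needed to triage a scanner finding like the one above. The function names, the `sort -V` comparison and the `2.56.1-7.el7` input are assumptions made for this example; the changelog text is the one quoted in the thread.

```bash
#!/usr/bin/env bash
# Changelog entries as quoted in the thread.
SAMPLE_CHANGELOG='* Thu May 14 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.1-7
- Backport patch to limit access to files when copying (CVE-2019-12450)
Resolves: #1722099
* Wed Apr 15 2020 Jens Petersen <petersen@redhat.com> - 2.56.1-6
- Backport patches for GDBus auth
Resolves: #1777221'

# fixed_in CVE-ID < changelog
# Prints the version-release of the oldest changelog entry that names the CVE.
fixed_in() {
    awk -v cve="$1" '
        substr($0, 1, 2) == "* " { ver = $NF }      # entry header: last field is version-release
        ver != "" && index($0, cve) { hit = ver }   # newest first, so the last hit is the oldest
        END { if (hit == "") exit 1; print hit }
    '
}

# is_fixed INSTALLED-VERSION-RELEASE CVE-ID < changelog
# Prints: fixed | predates-fix | unknown (CVE not named in the changelog).
is_fixed() {
    fixed=$(fixed_in "$2") || { echo "unknown"; return 0; }
    inst=${1%.el[0-9]*}            # drop the dist tag (.el7) before comparing
    fixed=${fixed%.el[0-9]*}
    # Assumption: GNU sort -V approximates RPM ordering for simple version-release strings.
    lowest=$(printf '%s\n%s\n' "$inst" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo "fixed"; else echo "predates-fix"; fi
}

# The build named in the scanner finding, then a constructed -7 build for contrast.
for vr in 2.56.1-5.el7 2.56.1-7.el7; do
    printf '%s: %s\n' "$vr" "$(printf '%s\n' "$SAMPLE_CHANGELOG" | is_fixed "$vr" CVE-2019-12450)"
done

# On a live host (not run here):
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' glib2 glib2-debuginfo
#   rpm -q --changelog glib2 | is_fixed "<version-release from above>" CVE-2019-12450
```

Running the query for both `glib2` and `glib2-debuginfo` shows whether the two packages are at the same build, since the scanner reports each installed package by its own version-release.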