PT-2021-30841 · Glib · Glib
Published 2021-03-12 · Updated 2021-03-12
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
GLib versions prior to 2.66.7
GLib versions prior to 2.70
Description
The issue covers several problems in GLib: silent integer truncation in g_memdup(), whose length parameter is a 32-bit guint, so a larger size is truncated at the call, the copy is undersized and a heap overflow follows; mishandling of over-long input when parsing a GDate; and unsafe use of GIO in privileged (setuid, AT_SECURE) processes, which honour attacker-controllable environment variables such as DBUS_SESSION_BUS_ADDRESS. The fixes harden GLib against these attacks. Version 2.66.7 additionally repairs regressions caused by the rushed security fixes and corrects a silent integer truncation in g_byte_array_new_take() when it is handed large byte arrays (lengths that do not fit its 32-bit length field).
Recommendations
For GLib versions prior to 2.66.7, update to 2.66.7, which fixes the issues listed above, including the regressions and the silent integer truncations.
For GLib versions prior to 2.70, as a temporary workaround until the loophole is closed in 2.70, disable the loading of GIO modules and the parsing of GIO environment variables whenever AT_SECURE is set (that is, in setuid, setgid or otherwise privileged processes).
Avoid passing large inputs (sizes of 4 GiB or more, which do not fit a 32-bit guint) to g_memdup() and g_byte_array_new_take() until the issue is resolved.
Do not let setuid processes honour DBUS_SESSION_BUS_ADDRESS from their environment (clear it or ignore it) to minimize the risk of exploitation.
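The g_memdup() truncation described above, as an added example that is not GLib's code and not part of this advisory. memdup_model() only mimics the shape of the pre-2.66.7 signature (a 32-bit unsigned length); memdup_checked(), memdup_full() and bytes_beyond_allocation() are hypothetical helpers written here to show the check a caller would want and the full-width variant that removes the narrowing conversion (the same idea as g_memdup2(), which GLib added with its fix). The 4 GiB + 16 byte length is a constructed input; the overflowing copy is computed, not performed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Model of the pre-2.66.7 g_memdup() signature (NOT the GLib function):
 * the length parameter is a 32-bit guint, so a caller's gsize/size_t length
 * is implicitly converted at the call and the high 32 bits are dropped. */
static void *memdup_model(const void *mem, unsigned int byte_size)
{
    void *copy;
    if (mem == NULL || byte_size == 0)
        return NULL;
    copy = malloc(byte_size);
    if (copy != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* Exactly what the implicit conversion at the call site does. */
unsigned int truncated_size(uint64_t len)
{
    return (unsigned int) len;          /* 0x1_0000_0010 becomes 16 */
}

/* 1 if a length can be passed to the legacy guint parameter without wrapping. */
int size_fits_legacy_param(uint64_t len)
{
    return len <= UINT_MAX;
}

/* Checked wrapper (hypothetical): refuse rather than truncate. Returns NULL
 * when the length does not fit, so the caller never holds an undersized copy. */
void *memdup_checked(const void *mem, uint64_t byte_size)
{
    if (!size_fits_legacy_param(byte_size))
        return NULL;
    return memdup_model(mem, (unsigned int) byte_size);
}

/* Full-width variant in the spirit of g_memdup2(): size_t end to end, so no
 * narrowing conversion exists that could truncate the length. */
void *memdup_full(const void *mem, size_t byte_size)
{
    void *copy;
    if (mem == NULL || byte_size == 0)
        return NULL;
    copy = malloc(byte_size);
    if (copy != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* Constructed scenario: a caller holds a 64-bit length of 4 GiB + 16 bytes
 * (for example a length field read from untrusted input). With the legacy
 * signature the copy is only 16 bytes, but the caller still believes it owns
 * 4 GiB + 16 bytes; any later use of the original length reads or writes past
 * the end of that 16-byte heap chunk. This only computes the shortfall. */
uint64_t bytes_beyond_allocation(uint64_t claimed_len)
{
    return claimed_len - truncated_size(claimed_len);
}
```

The check in memdup_checked() is the minimum a caller of the legacy API should add; the durable fix is memdup_full(), where the length type is wide all the way through so there is no conversion to get wrong.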
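The AT_SECURE workaround and the DBUS_SESSION_BUS_ADDRESS recommendation above, as an added example of the decision a privileged process has to make; this is not GLib's implementation. process_is_secure(), env_lookup_secure(), gio_getenv() and gio_module_dirs() are hypothetical helpers; GIO_EXTRA_MODULES is a documented GIO variable not named on this page, and "/usr/lib/gio/modules" stands in for the compiled-in module directory. The environment block is constructed to resemble what an attacker could hand to a setuid binary.

```c
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>
#endif

extern char **environ;

/* 1 when the process must not trust its environment: the kernel set AT_SECURE
 * (setuid/setgid/file-capability binary), or the real and effective ids differ. */
int process_is_secure(void)
{
#if defined(__linux__)
    if (getauxval(AT_SECURE) != 0)
        return 1;
#endif
    return getuid() != geteuid() || getgid() != getegid();
}

/* Look up NAME in an explicit environment block, but return NULL
 * unconditionally when SECURE is set. Taking envp and the flag as parameters
 * keeps the policy testable without a real setuid binary. */
const char *env_lookup_secure(char *const *envp, const char *name, int secure)
{
    size_t n = strlen(name);
    if (secure)
        return NULL;
    for (; envp != NULL && *envp != NULL; envp++) {
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return *envp + n + 1;
    }
    return NULL;
}

/* Production entry point: consult the real environment and AT_SECURE. A
 * privileged process would use this for DBUS_SESSION_BUS_ADDRESS and every
 * other GIO variable instead of plain getenv(). */
const char *gio_getenv(const char *name)
{
    return env_lookup_secure(environ, name, process_is_secure());
}

/* Decide which GIO module directories to load: the compiled-in directory
 * always, the caller-controlled GIO_EXTRA_MODULES value (a colon-separated
 * list, kept as one entry here) only for a non-secure process.
 * Returns the number of entries written to OUT (at most MAX). */
size_t gio_module_dirs(char *const *envp, int secure, const char **out, size_t max)
{
    size_t count = 0;
    const char *extra;
    if (max == 0)
        return 0;
    out[count++] = "/usr/lib/gio/modules";
    extra = env_lookup_secure(envp, "GIO_EXTRA_MODULES", secure);
    if (extra != NULL && extra[0] != '\0' && count < max)
        out[count++] = extra;
    return count;
}

/* Constructed environment an attacker could hand to a setuid program. */
static char *const constructed_env[] = {
    "PATH=/usr/bin",
    "GIO_EXTRA_MODULES=/tmp/attacker/modules",
    "DBUS_SESSION_BUS_ADDRESS=unix:path=/tmp/attacker/bus",
    NULL
};

/* How many module directories would be loaded from constructed_env at the
 * given security level: 1 when secure, 2 when the extra path is honoured. */
size_t demo_module_dir_count(int secure)
{
    const char *dirs[4];
    return gio_module_dirs(constructed_env, secure, dirs, 4);
}
```

The point of the split is that the trust decision is made once, from the auxiliary vector, and every environment-driven feature (module paths, bus address) is gated on it; a privileged process that consults getenv() directly for any of these variables is exactly the loophole the 2.70 change closes.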
Related Identifiers
Affected Products
Glib