Bug 2279632 (CVE-2024-34397) - CVE-2024-34397 glib2: Signal subscription vulnerabilities
Summary: CVE-2024-34397 glib2: Signal subscription vulnerabilities
Keywords:
Status: NEW
Alias: CVE-2024-34397
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2279637 2279638 2279639 2279640 2279641 2279642
Blocks: 2279633
TreeView+ depends on / blocked
 
Reported: 2024-05-07 19:59 UTC by Zack Miele
Modified: 2025-09-15 08:29 UTC (History)
47 users (show)

Fixed In Version: glib 2.78.5, glib 2.80.1, glib 2.81.0
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:6472 0 None None None 2024-09-09 05:47:33 UTC
Red Hat Product Errata RHBA-2024:6475 0 None None None 2024-09-09 06:21:57 UTC
Red Hat Product Errata RHBA-2024:6504 0 None None None 2024-09-09 16:06:32 UTC
Red Hat Product Errata RHBA-2024:6513 0 None None None 2024-09-09 18:41:56 UTC
Red Hat Product Errata RHBA-2024:6539 0 None None None 2024-09-10 15:34:36 UTC
Red Hat Product Errata RHBA-2024:6541 0 None None None 2024-09-10 14:41:37 UTC
Red Hat Product Errata RHBA-2024:6542 0 None None None 2024-09-10 14:42:01 UTC
Red Hat Product Errata RHBA-2024:6543 0 None None None 2024-09-10 14:42:44 UTC
Red Hat Product Errata RHBA-2024:6544 0 None None None 2024-09-10 14:44:55 UTC
Red Hat Product Errata RHBA-2024:6546 0 None None None 2024-09-10 14:44:21 UTC
Red Hat Product Errata RHBA-2024:6605 0 None None None 2024-09-11 14:45:31 UTC
Red Hat Product Errata RHBA-2024:6651 0 None None None 2024-09-12 14:37:57 UTC
Red Hat Product Errata RHBA-2024:6696 0 None None None 2024-09-16 14:05:34 UTC
Red Hat Product Errata RHBA-2024:6724 0 None None None 2024-09-17 11:26:59 UTC
Red Hat Product Errata RHBA-2024:6750 0 None None None 2024-09-18 06:51:37 UTC
Red Hat Product Errata RHBA-2024:6828 0 None None None 2024-09-19 07:45:49 UTC
Red Hat Product Errata RHBA-2024:6856 0 None None None 2024-09-19 14:04:40 UTC
Red Hat Product Errata RHBA-2024:6858 0 None None None 2024-09-19 14:13:40 UTC
Red Hat Product Errata RHBA-2024:6859 0 None None None 2024-09-19 14:12:21 UTC
Red Hat Product Errata RHBA-2024:6860 0 None None None 2024-09-19 14:19:29 UTC
Red Hat Product Errata RHBA-2024:6861 0 None None None 2024-09-19 14:26:16 UTC
Red Hat Product Errata RHBA-2024:6863 0 None None None 2024-09-19 14:20:04 UTC
Red Hat Product Errata RHBA-2024:7048 0 None None None 2024-09-24 11:59:38 UTC
Red Hat Product Errata RHBA-2024:7080 0 None None None 2024-09-24 19:44:17 UTC
Red Hat Product Errata RHBA-2025:11601 0 None None None 2025-07-23 11:54:36 UTC
Red Hat Product Errata RHBA-2025:11604 0 None None None 2025-07-23 10:40:35 UTC
Red Hat Product Errata RHBA-2025:12069 0 None None None 2025-07-29 10:29:00 UTC
Red Hat Product Errata RHBA-2025:12287 0 None None None 2025-07-30 10:03:47 UTC
Red Hat Product Errata RHBA-2025:12321 0 None None None 2025-07-30 21:06:37 UTC
Red Hat Product Errata RHBA-2025:12357 0 None None None 2025-07-31 09:59:49 UTC
Red Hat Product Errata RHSA-2024:6464 0 None None None 2024-09-09 02:18:15 UTC
Red Hat Product Errata RHSA-2024:7213 0 None None None 2024-09-26 13:28:47 UTC
Red Hat Product Errata RHSA-2024:7374 0 None None None 2024-09-30 10:26:12 UTC
Red Hat Product Errata RHSA-2024:9442 0 None None None 2024-11-12 11:10:27 UTC
Red Hat Product Errata RHSA-2025:10780 0 None None None 2025-07-10 09:53:35 UTC
Red Hat Product Errata RHSA-2025:11327 0 None None None 2025-07-16 14:05:54 UTC
Red Hat Product Errata RHSA-2025:13276 0 None None None 2025-08-07 06:31:37 UTC
Red Hat Product Errata RHSA-2025:14988 0 None None None 2025-09-02 02:46:54 UTC
Red Hat Product Errata RHSA-2025:14989 0 None None None 2025-09-02 02:05:49 UTC
Red Hat Product Errata RHSA-2025:14990 0 None None None 2025-09-02 01:39:46 UTC
Red Hat Product Errata RHSA-2025:14991 0 None None None 2025-09-02 02:07:58 UTC

Description Zack Miele 2024-05-07 19:59:58 UTC 
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
Comment 1 Zack Miele 2024-05-07 20:06:57 UTC 
Created glib2 tracking bugs for this issue:

Affects: fedora-38 [bug 2279638]
Affects: fedora-39 [bug 2279640]
Affects: fedora-40 [bug 2279637]


Created mingw-glib2 tracking bugs for this issue:

Affects: fedora-38 [bug 2279639]
Affects: fedora-39 [bug 2279641]
Affects: fedora-40 [bug 2279642]
Comment 5 errata-xmlrpc 2024-09-09 02:18:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6464 https://access.redhat.com/errata/RHSA-2024:6464
Comment 6 errata-xmlrpc 2024-09-26 13:28:44 UTC 
This issue has been addressed in the following products:

  Service Interconnect 1.4 for RHEL 9

Via RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213
Comment 7 errata-xmlrpc 2024-09-30 10:26:10 UTC 
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 9

Via RHSA-2024:7374 https://access.redhat.com/errata/RHSA-2024:7374
Comment 9 errata-xmlrpc 2024-11-12 11:10:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9442 https://access.redhat.com/errata/RHSA-2024:9442
Comment 11 errata-xmlrpc 2025-07-10 09:53:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:10780 https://access.redhat.com/errata/RHSA-2025:10780
Comment 12 errata-xmlrpc 2025-07-16 14:05:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:11327 https://access.redhat.com/errata/RHSA-2025:11327
Comment 16 errata-xmlrpc 2025-08-07 06:31:32 UTC 
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2025:13276 https://access.redhat.com/errata/RHSA-2025:13276
Comment 28 errata-xmlrpc 2025-09-02 01:39:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:14990 https://access.redhat.com/errata/RHSA-2025:14990
Comment 29 errata-xmlrpc 2025-09-02 02:05:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:14989 https://access.redhat.com/errata/RHSA-2025:14989
Comment 30 errata-xmlrpc 2025-09-02 02:07:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:14991 https://access.redhat.com/errata/RHSA-2025:14991
Comment 31 errata-xmlrpc 2025-09-02 02:46:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:14988 https://access.redhat.com/errata/RHSA-2025:14988
Note You need to log in before you can comment on or make changes to this bug.