Bug 2056087

Summary: Fix for CVE-2021-27219 missing on RHEL 7.9
Product: Red Hat Enterprise Linux 7 Reporter: Wesley Philip <wesley.philip>
Component: glib2Assignee: Michael Catanzaro <mcatanza>
Status: CLOSED NOTABUG QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.9CC: saroy
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-02-18 19:16:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Wesley Philip 2022-02-18 18:41:44 UTC 
Description of problem:

https://nvd.nist.gov/vuln/detail/CVE-2021-27219 seems to indicate that there was an issue discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. 

RHEL 7.9 seems to be using Glib2 2.56, so I'm wondering why there is not fix for it at that level, even though it's marked as important:

https://access.redhat.com/security/cve/cve-2021-27219


Version-Release number of selected component (if applicable):

RHEL 7.9


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 3 Michael Catanzaro 2022-02-18 19:16:26 UTC 
Hi, this CVE was fixed by https://access.redhat.com/errata/RHSA-2021:2147.

RHEL 7.9 is not listed separately on https://access.redhat.com/security/cve/CVE-2021-27219 because it's the last stable branch of RHEL 7.
Comment 4 Sandipan Roy 2022-02-22 12:26:47 UTC 
RHEL 7.9.z Bug 1960596

That is already fixed.