An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
Created glib2 tracking bugs for this issue: Affects: fedora-38 [bug 2279638] Affects: fedora-39 [bug 2279640] Affects: fedora-40 [bug 2279637] Created mingw-glib2 tracking bugs for this issue: Affects: fedora-38 [bug 2279639] Affects: fedora-39 [bug 2279641] Affects: fedora-40 [bug 2279642]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:6464 https://access.redhat.com/errata/RHSA-2024:6464
This issue has been addressed in the following products: Service Interconnect 1.4 for RHEL 9 Via RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213
This issue has been addressed in the following products: Service Interconnect 1 for RHEL 9 Via RHSA-2024:7374 https://access.redhat.com/errata/RHSA-2024:7374