[CLSA-2026:1783340282] Fix CVE(s): CVE-2026-58014, CVE-2026-58015, CVE-2026-58016
Type:
security
Severity:
Critical
Release date:
2026-07-06 12:18:22 UTC
Description:
* SECURITY UPDATE: state confusion in the D-Bus introspection XML parser - debian/patches/CVE-2026-58016.patch: reject a element nested inside a non- parent in g_dbus_node_info_new_for_xml() - CVE-2026-58016 * SECURITY UPDATE: one-byte heap under-read on an empty key-file value - debian/patches/CVE-2026-58014.patch: skip the trailing-separator check when the value length is 0 in g_key_file_get_locale_string_list() - CVE-2026-58014 * SECURITY UPDATE: DBUS_COOKIE_SHA1 client-side path traversal - debian/patches/CVE-2026-58015.patch: validate the server-supplied cookie_context before building the keyring path - CVE-2026-58015
Updated packages:
  • libglib2.0-0_2.48.2-0ubuntu4.8+tuxcare.els6_amd64.deb
    sha:1281173168711e291bb0cde476831ff75954479f
  • libglib2.0-0-refdbg_2.48.2-0ubuntu4.8+tuxcare.els6_amd64.deb
    sha:126a691cf7a71c9392c932efceb66aab7d0f446a
  • libglib2.0-bin_2.48.2-0ubuntu4.8+tuxcare.els6_amd64.deb
    sha:37d44f234c418d578fc0567eae8c6835f36f7c2d
  • libglib2.0-data_2.48.2-0ubuntu4.8+tuxcare.els6_all.deb
    sha:80499f001d5cb4d2a65844d5fa094f2ef3c13df2
  • libglib2.0-dev_2.48.2-0ubuntu4.8+tuxcare.els6_amd64.deb
    sha:6f569a3049c19074da3cc06f918ae92acdb9b1aa
  • libglib2.0-doc_2.48.2-0ubuntu4.8+tuxcare.els6_all.deb
    sha:cba41938e346920b1ad650b1a1bfa5f6481a1788
  • libglib2.0-tests_2.48.2-0ubuntu4.8+tuxcare.els6_amd64.deb
    sha:d8d476fb99eacc1f182d38d648cd7d51880b7260
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.