[CLSA-2026:1783339922] Fix CVE(s): CVE-2026-58014, CVE-2026-58015, CVE-2026-58016
Type:
security
Severity:
Critical
Release date:
2026-07-06 12:12:22 UTC
Description:
* SECURITY UPDATE: state confusion in the D-Bus introspection XML parser - debian/patches/CVE-2026-58016.patch: reject a element nested inside a non- parent in g_dbus_node_info_new_for_xml() - CVE-2026-58016 * SECURITY UPDATE: one-byte heap under-read on an empty key-file value - debian/patches/CVE-2026-58014.patch: skip the trailing-separator check when the value length is 0 in g_key_file_get_locale_string_list() - CVE-2026-58014 * SECURITY UPDATE: DBUS_COOKIE_SHA1 client-side path traversal - debian/patches/CVE-2026-58015.patch: validate the server-supplied cookie_context before building the keyring path - CVE-2026-58015
Updated packages:
  • libglib2.0-0_2.56.4-0ubuntu0.18.04.9+tuxcare.els5_amd64.deb
    sha:df31537adcdce62bf4ab61f3b1083b63c6027bf9
  • libglib2.0-bin_2.56.4-0ubuntu0.18.04.9+tuxcare.els5_amd64.deb
    sha:896c4c2adc0ffbb3b1f974eca81a7c9892133163
  • libglib2.0-data_2.56.4-0ubuntu0.18.04.9+tuxcare.els5_all.deb
    sha:3460ada378d6d657998b1a90190be28fcaa073e9
  • libglib2.0-dev_2.56.4-0ubuntu0.18.04.9+tuxcare.els5_amd64.deb
    sha:ebb6953d7538df536ec2fb6c0b49ba3cc6e18858
  • libglib2.0-dev-bin_2.56.4-0ubuntu0.18.04.9+tuxcare.els5_amd64.deb
    sha:49501645348aa6769c5dc8ea7fcf5e9134a9db1b
  • libglib2.0-doc_2.56.4-0ubuntu0.18.04.9+tuxcare.els5_all.deb
    sha:239c228ec2e0d912159e4345d06322dfe1c11ad2
  • libglib2.0-tests_2.56.4-0ubuntu0.18.04.9+tuxcare.els5_amd64.deb
    sha:f1a31f88380ea78e280ee11b39be28897c6d84db
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.