Bug 1220059 (CVE-2020-36774) - VUL-0: CVE-2020-36774: glade: widget mishandle rebuilding for GladeGtkBox, leading to crash.
Summary: VUL-0: CVE-2020-36774: glade: widget mishandle rebuilding for GladeGtkBox, le...
Status: RESOLVED FIXED
Alias: CVE-2020-36774
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/394488/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-36774:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-19 09:02 UTC by SMASH SMASH
Modified: 2024-07-05 15:17 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-02-19 09:02:28 UTC 
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading(application crash).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36774
https://www.cve.org/CVERecord?id=CVE-2020-36774
https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17
https://gitlab.gnome.org/GNOME/glade/-/issues/479
Comment 1 Thomas Leroy 2024-02-19 09:03:57 UTC 
Affected:

- SUSE:SLE-12-SP2:Update
- SUSE:SLE-15-SP2:Update
- SUSE:SLE-15:Update

openSUSE:Factory and SLE-15-SP4 already fixed.
Comment 6 Maintenance Automation 2024-03-25 16:30:04 UTC 
SUSE-SU-2024:0983-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1220059
CVE References: CVE-2020-36774
Maintenance Incident: [SUSE:Maintenance:32833](https://smelt.suse.de/incident/32833/)
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 glade-3.20.0-7.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Thomas Leroy 2024-07-05 15:17:11 UTC 
All done, closing.
Comment 9 Thomas Leroy 2024-07-05 15:17:31 UTC 
All done, closing.