Bug 1129429 - (CVE-2019-9633) VUL-0: CVE-2019-9633: glib,glib2: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Security Team bot
Reported: 2019-03-15 13:59 UTC by Robert Frohl
Modified: 2020-05-12 18:34 UTC
Found By: Security Response Team

QA Reproducer (126.56 KB, text/html)
2019-03-18 10:00 UTC, Robert Frohl

Description Robert Frohl 2019-03-15 13:59:34 UTC

gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).

Upstream patch:

Upstream issue:

Comment 1 Robert Frohl 2019-03-15 14:30:44 UTC
Looking at the patch, only glib2 in these codestreams seems affected:
- SUSE:SLE-12:Update
- SUSE:SLE-12-SP2:Update
- SUSE:SLE-15:Update
Comment 2 Robert Frohl 2019-03-18 10:00:42 UTC
Created attachment 800368
QA Reproducer

# download spoof.html and open in Epiphany
-> url bar shows spoofed address: 'https://www.Gmail.com:8080' (but should be file://<path>)
Comment 3 Qiang Zheng 2019-03-19 08:29:42 UTC
After some research, the fix is based on some of the latest commits upstream; our product code does not use some of these structures and functions and is far behind it. An upgrade is recommended.
Comment 4 Marcus Meissner 2019-04-09 15:19:49 UTC
How big of a jump would that be? From which to which version?
Comment 5 Qiang Zheng 2019-04-16 05:44:23 UTC
This was a bug in GLib 2.59.1 only, and SUSE:SLE-15:Update/glib2/glib-2.54.3, SUSE:SLE-12:Update/glib2/glib-2.38.2, SUSE:SLE-12-SP2:Update/glib2/glib-2.48.2 do not have it.
Comment 6 Marcus Meissner 2019-04-16 06:03:06 UTC
Thanks, marked it as such and closing :)