USN-7942-1: GLib vulnerabilities
Ubuntu DesktopCanonical
USN-7942-1: GLib vulnerabilities
Publication date: 6 January 2026
Overview: Several security issues were fixed in GLib.
Packages
glib2.0 - GLib library of C routines
Details
It was discovered that GLib incorrectly handled escaping URI strings. An
attacker could use this issue to cause GLib to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2025-13601)
It was discovered that GLib incorrectly parsed certain GVariants. An
attacker could use this issue to cause GLib to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2025-14087)
It was discovered that GLib incorrectly parsed certain long invalid ISO
8601 timestamps. An attacker could possibly use this issue to cause GLib to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-3360)
It was discovered that GLib incorrectly handled GString memory operations.
An attacker could use this issue to cause GLib to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-6052)
It was discovered that GLib incorrectly handled creating temporary files.
An attacker could possibly use this issue to access unauthorized data. This
issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04.
(CVE-2025-7039)
Update instructions
The problem can be corrected by updating your system to the following package versions:
25.10 questing
- libglib2.0-0t64 – 2.86.0-2ubuntu0.1
- libglib2.0-bin – 2.86.0-2ubuntu0.1
25.04 plucky - libglib2.0-0t64 – 2.84.1-1ubuntu0.2
- libglib2.0-bin – 2.84.1-1ubuntu0.2
24.04 LTS noble - libglib2.0-0t64 – 2.80.0-6ubuntu3.6
- libglib2.0-bin – 2.80.0-6ubuntu3.6
22.04 LTS jammy - libglib2.0-0 – 2.72.4-0ubuntu2.7
- libglib2.0-bin – 2.72.4-0ubuntu2.7
