A new glib2 package with the fix for the CVE-2021-28153 and the CVE-2021-27219 within CentOS 6 extended lifecycle support has been scheduled for gradual rollout from our production repository.

Rollout slot: 3

Rolled out to: 1%

ETA for 100% rollout: June, 15

Changelog

• Fix creating empty target for dangling symlink in g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION (CVE-2021-28153)
• Fix integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219)

Update command

yum update glib2*

Immediate update (via bypass)

yum update glib2* --enablerepo=ELS6-rollout-3-bypass