<?xml version="1.0" encoding="utf-8"?>
  <?xml-stylesheet type="text/xsl" href="sa-render.xsl"?>
  <update from="huaweicloud.com" type="security" status="stable" version="1">
    <id>HCE3-SA-2025-0041</id>
    <title>An update for glib2 is now available for HCE 3.0</title>
    <severity>Moderate</severity>
    <release>HCE 3.0</release>
    <issued date="2025-10-09 06:38:14"/>
    <updated date="2025-10-09 06:38:14"/>
    <references>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2025-3360" id="CVE-2025-3360" title="CVE-2025-3360 Base Score: 3.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2025-7039" id="CVE-2025-7039" title="CVE-2025-7039 Base Score: 3.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2025-6052" id="CVE-2025-6052" title="CVE-2025-6052 Base Score: 3.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2025-4373" id="CVE-2025-4373" title="CVE-2025-4373 Base Score: 4.8 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2025-4056" id="CVE-2025-4056" title="CVE-2025-4056 Base Score: 3.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" type="cve"/>
    </references>
    <description>Security Fix(es):

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. (CVE-2025-3360)

A flaw was found in GLib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations. (CVE-2025-7039)

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption. (CVE-2025-6052)

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. (CVE-2025-4373)

A vulnerability was found in GNU GLib up to 2.84.0 on Windows (Software Library). It has been rated as problematic. This issue affects some unknown processing in the Command Line Handler component. Upgrading to version 2.84.1 eliminates this vulnerability. (CVE-2025-4056)
</description>
    <pkglist>
      <collection short="HCE 3.0" package="glib2">
        <name>HCE 3.0</name>
        <package arch="x86_64" name="glib2" version="2.78.3" release="6.r7.hce3">
          <filename>glib2-2.78.3-6.r7.hce3.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="glib2-devel" version="2.78.3" release="6.r7.hce3">
          <filename>glib2-devel-2.78.3-6.r7.hce3.x86_64.rpm</filename>
        </package>
        <package arch="noarch" name="glib2-help" version="2.78.3" release="6.r7.hce3">
          <filename>glib2-help-2.78.3-6.r7.hce3.noarch.rpm</filename>
        </package>
        <package arch="aarch64" name="glib2" version="2.78.3" release="6.r7.hce3">
          <filename>glib2-2.78.3-6.r7.hce3.aarch64.rpm</filename>
        </package>
        <package arch="aarch64" name="glib2-devel" version="2.78.3" release="6.r7.hce3">
          <filename>glib2-devel-2.78.3-6.r7.hce3.aarch64.rpm</filename>
        </package>
      </collection>
    </pkglist>
  </update>
