Summary: | <net-libs/webkit-gtk-2.30.6: multiple vulnerabilities (CVE-2020-{9947,27918,29623}, CVE-2021-{1765,1789,1799,1801,1870}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | gnome |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://webkitgtk.org/security/WSA-2021-0002.html | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | net-libs/webkit-gtk-2.30.6 | ||
Runtime testing required: | --- |
Description
John Helmert III
2021-02-27 00:12:29 UTC
No, I'm not bumping to alpha/beta releases.

(In reply to Mart Raudsepp from comment #1)
> No, I'm not bumping to alpha/beta releases.

Ok, didn't realize! We'll wait.

I suppose 2.30.6 is suitable for packaging in Gentoo? Same changelog message here.

https://mail.gnome.org/archives/gnome-announce-list/2021-March/msg00005.html

A proper advisory for <2.30.6 was released, with several code execution bugs:

CVE-2020-27918
Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6.
Credit to Liu Long of Ant Security Light-Year Lab.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A use after free issue was addressed with improved memory management.

CVE-2020-29623
Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6.
Credit to Simon Hunt of OvalTwo LTD.
Impact: A user may be unable to fully delete browsing history.
Description: “Clear History and Website Data” did not clear the history in some circumstances. The issue was addressed with improved data deletion.

CVE-2020-9947
Versions affected: WebKitGTK before 2.30.0 and WPE WebKit before 2.30.0.
Credit to cc working with Trend Micro Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A use after free issue was addressed with improved memory management.

CVE-2021-1765
Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6.
Credit to Eliya Stein of Confiant.
Impact: Maliciously crafted web content may violate iframe sandboxing policy.
Description: This issue was addressed with improved iframe sandbox enforcement.

CVE-2021-1789
Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6.
Credit to @S0rryMybad of 360 Vulcan Team.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-1799
Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6.
Credit to Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar.
Impact: A malicious website may be able to access restricted ports on arbitrary servers.
Description: A port redirection issue was addressed with additional port validation.

CVE-2021-1801
Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6.
Credit to Eliya Stein of Confiant.
Impact: Maliciously crafted web content may violate iframe sandboxing policy.
Description: This issue was addressed with improved iframe sandbox enforcement.

CVE-2021-1870
Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6.
Credit to an anonymous researcher.
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5e8511b02c9fb2006d34ce299af13f2069ca8d7

commit f5e8511b02c9fb2006d34ce299af13f2069ca8d7
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2021-04-23 10:17:18 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2021-04-23 10:17:28 +0000

net-libs/webkit-gtk: security bump to 2.30.6

Bug: https://bugs.gentoo.org/773193
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Mart Raudsepp <leio@gentoo.org>

net-libs/webkit-gtk/Manifest | 1 +
net-libs/webkit-gtk/webkit-gtk-2.30.6.ebuild | 300 +++++++++++++++++++++++++++
2 files changed, 301 insertions(+)

arm64 done

amd64 done

arm done

arm done

x86 done

ppc64 done

all arches done

Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a8d3a6ed37d6d4870c91ba9691286e671092089

commit 7a8d3a6ed37d6d4870c91ba9691286e671092089
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-04-30 22:05:44 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-04-30 22:06:14 +0000

net-libs/webkit-gtk: security cleanup

Bug: https://bugs.gentoo.org/773193
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

net-libs/webkit-gtk/Manifest | 1 -
net-libs/webkit-gtk/webkit-gtk-2.30.5.ebuild | 300 ---------------------------
2 files changed, 301 deletions(-)

New GLSA request filed.

This issue was resolved and addressed in GLSA 202104-03 at https://security.gentoo.org/glsa/202104-03 by GLSA coordinator Thomas Deutschmann (whissi).