Summary: | <net-libs/webkit-gtk-2.32.3: multiple vulnerabilities (CVE-2021-{1817,1820,1825,1826,21775,21779,21806,30661,30663,30665,30666,30682,30689,30720,30734,30744,30749,30758,30761,30762,30795,30797,30799}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | joakim.tjernlund |
Priority: | Normal | Flags: | nattka: sanity-check- |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://webkitgtk.org/security/WSA-2021-0004.html | ||
Whiteboard: | A2 [glsa+] | ||
Package list: | net-libs/webkit-gtk-2.32.3 | ||
Runtime testing required: | --- |
Description
John Helmert III
2021-07-09 21:14:17 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63ff9992d1901baf5a3bb65c01f1885381522a48

commit 63ff9992d1901baf5a3bb65c01f1885381522a48
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2021-07-23 00:45:36 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2021-07-23 01:10:58 +0000

    net-libs/webkit-gtk: Version bump to 2.32.2

    Closes: https://bugs.gentoo.org/801400
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest | 1 +
 net-libs/webkit-gtk/webkit-gtk-2.32.2.ebuild | 300 +++++++++++++++++++++++++++
 2 files changed, 301 insertions(+)

Advisory finally released:

CVE-2021-1817
Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
Credit to zhunki.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A memory corruption issue was addressed with improved state management.

CVE-2021-1820
Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
Credit to André Bargull.
Impact: Processing maliciously crafted web content may result in the disclosure of process memory.
Description: A memory initialization issue was addressed with improved memory handling.

CVE-2021-1825
Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
Credit to Alex Camboe of Aon’s Cyber Solutions.
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack.
Description: An input validation issue was addressed with improved input validation.

CVE-2021-1826
Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to universal cross site scripting.
Description: A logic issue was addressed with improved restrictions.

CVE-2021-21775
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to Marcin Towalski of Cisco Talos.
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of WebKit. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.

CVE-2021-21779
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to Marcin Towalski of Cisco Talos.
A use-after-free vulnerability exists in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.

CVE-2021-21806
Versions affected: WebKitGTK and WPE WebKit before 2.30.6.
Credit to Marcin ‘Icewall’ Noga of Cisco Talos.
An exploitable use-after-free vulnerability exists in WebKit. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.

CVE-2021-30661
Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
Credit to yangkang(@dnpushme) of 360 ATA.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.

CVE-2021-30663
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: An integer overflow was addressed with improved input validation.

CVE-2021-30665
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30666
Versions affected: WebKitGTK and WPE WebKit before 2.26.0.
Credit to yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30682
Versions affected: WebKitGTK and WPE WebKit before 2.32.0.
Credit to an anonymous researcher and 1lastBr3ath.
Impact: A malicious application may be able to leak sensitive user information.
Description: A logic issue was addressed with improved restrictions.

CVE-2021-30689
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to universal cross site scripting.
Description: A logic issue was addressed with improved state management.

CVE-2021-30720
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to David Schütz (@xdavidhu).
Impact: A malicious website may be able to access restricted ports on arbitrary servers.
Description: A logic issue was addressed with improved restrictions.

CVE-2021-30734
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2021-30744
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to Dan Hite of jsontop.
Impact: Processing maliciously crafted web content may lead to universal cross site scripting.
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins.

CVE-2021-30749
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2021-30758
Versions affected: WebKitGTK and WPE WebKit before 2.32.2.
Credit to Christoph Guttandin of Media Codings.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A type confusion issue was addressed with improved state handling.

CVE-2021-30761
Versions affected: WebKitGTK and WPE WebKit before 2.26.0.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30762
Versions affected: WebKitGTK and WPE WebKit before 2.28.0.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.

CVE-2021-30795
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to Sergei Glazunov of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A use after free issue was addressed with improved memory management.

CVE-2021-30797
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to code execution.
Description: This issue was addressed with improved checks.

CVE-2021-30799
Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
Credit to Sergei Glazunov of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

Please bump to 2.32.3.

Resetting sanity check; package list is empty or all packages are done.

2.32.3 in tree. Let us know when ready to stable, thanks!

Let's do it.

amd64 stable

arm64 done

ppc64 stable

x86 done

arm done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=682fc608631b55c0247b14599b024a7b3aa8ef09

commit 682fc608631b55c0247b14599b024a7b3aa8ef09
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2021-08-04 22:34:01 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2021-08-04 22:36:04 +0000

    net-libs/webkit-gtk: Drop old versions

    Bug: https://bugs.gentoo.org/801400
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest | 2 -
 ...e-CompletionHandler-when-USE_OPENGL_OR_ES.patch | 36 ---
 net-libs/webkit-gtk/webkit-gtk-2.32.1.ebuild | 301 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.32.2.ebuild | 300 --------------------
 4 files changed, 639 deletions(-)

Thanks Matt! GLSA request filed.

Unable to check for sanity:
> no match for package: net-libs/webkit-gtk-2.32.3

commit d2418b0a913a694a55e21440268b44301931867c
Author: John Helmert III <ajak@gentoo.org>
Date:   Mon Jan 31 21:31:04 2022 -0600

    [ GLSA 202202-01 ] WebkitGTK+: Multiple vulnerabilities

    Signed-off-by: John Helmert III <ajak@gentoo.org>

All done!