Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 819522 (CVE-2021-42762)

Summary: <net-libs/webkit-gtk-2.34.1: limited sandbox escape (CVE-2021-42762)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.webkit.org/show_bug.cgi?id=231479
See Also: https://bugs.gentoo.org/show_bug.cgi?id=816951
Whiteboard: A4 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 820434, 829723, 830597    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-22 20:03:39 UTC 
CVE-2021-42762:

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.


Please file a stablereq when ready.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-01 03:40:48 UTC 
commit d2418b0a913a694a55e21440268b44301931867c
Author: John Helmert III <ajak@gentoo.org>
Date:   Mon Jan 31 21:31:04 2022 -0600

    [ GLSA 202202-01 ] WebkitGTK+: Multiple vulnerabilities

    Signed-off-by: John Helmert III <ajak@gentoo.org>

All done!