Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 801400 (CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, CVE-2021-21775, CVE-2021-21779, CVE-2021-21806, CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, CVE-2021-30666, CVE-2021-30682, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30761, CVE-2021-30762, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799, WSA-2021-0004) - <net-libs/webkit-gtk-2.32.3: multiple vulnerabilities (CVE-2021-{1817,1820,1825,1826,21775,21779,21806,30661,30663,30665,30666,30682,30689,30720,30734,30744,30749,30758,30761,30762,30795,30797,30799})
Summary: <net-libs/webkit-gtk-2.32.3: multiple vulnerabilities (CVE-2021-{1817,1820,18...
Status: RESOLVED FIXED
Alias: CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, CVE-2021-21775, CVE-2021-21779, CVE-2021-21806, CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, CVE-2021-30666, CVE-2021-30682, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30761, CVE-2021-30762, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799, WSA-2021-0004
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A2 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-09 21:14 UTC by John Helmert III
Modified: 2022-02-01 03:39 UTC (History)
1 user (show)

See Also:
Package list:
net-libs/webkit-gtk-2.32.3
Runtime testing required: ---
nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-09 21:14:17 UTC 
From URL (2.32.2 release announcement):

Fix several crashes and rendering issues.


Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-07-23 01:11:22 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63ff9992d1901baf5a3bb65c01f1885381522a48

commit 63ff9992d1901baf5a3bb65c01f1885381522a48
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2021-07-23 00:45:36 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2021-07-23 01:10:58 +0000

    net-libs/webkit-gtk: Version bump to 2.32.2
    
    Closes: https://bugs.gentoo.org/801400
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.32.2.ebuild | 300 +++++++++++++++++++++++++++
 2 files changed, 301 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-23 15:30:55 UTC 
Advisory finally released:

    CVE-2021-1817
        Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
        Credit to zhunki.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management.
    CVE-2021-1820
        Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
        Credit to André Bargull.
        Impact: Processing maliciously crafted web content may result in the disclosure of process memory. Description: A memory initialization issue was addressed with improved memory handling.
    CVE-2021-1825
        Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
        Credit to Alex Camboe of Aon’s Cyber Solutions.
        Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Description: An input validation issue was addressed with improved input validation.
    CVE-2021-1826
        Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
        Credit to an anonymous researcher.
        Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue was addressed with improved restrictions.
    CVE-2021-21775
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to Marcin Towalski of Cisco Talos.
        A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of WebKit. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.
    CVE-2021-21779
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to Marcin Towalski of Cisco Talos.
        A use-after-free vulnerability exists in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
    CVE-2021-21806
        Versions affected: WebKitGTK and WPE WebKit before 2.30.6.
        Credit to Marcin ‘Icewall’ Noga of Cisco Talos.
        An exploitable use-after-free vulnerability exists in WebKit. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
    CVE-2021-30661
        Versions affected: WebKitGTK and WPE WebKit before 2.30.0.
        Credit to yangkang(@dnpushme) of 360 ATA.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management.
    CVE-2021-30663
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to an anonymous researcher.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: An integer overflow was addressed with improved input validation.
    CVE-2021-30665
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A memory corruption issue was addressed with improved state management.
    CVE-2021-30666
        Versions affected: WebKitGTK and WPE WebKit before 2.26.0.
        Credit to yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A buffer overflow issue was addressed with improved memory handling.
    CVE-2021-30682
        Versions affected: WebKitGTK and WPE WebKit before 2.32.0.
        Credit to an anonymous researcher and 1lastBr3ath.
        Impact: A malicious application may be able to leak sensitive user information. Description: A logic issue was addressed with improved restrictions.
    CVE-2021-30689
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to an anonymous researcher.
        Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue was addressed with improved state management.
    CVE-2021-30720
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to David Schütz (@xdavidhu).
        Impact: A malicious website may be able to access restricted ports on arbitrary servers. Description: A logic issue was addressed with improved restrictions.
    CVE-2021-30734
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2021-30744
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to Dan Hite of jsontop.
        Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins.
    CVE-2021-30749
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2021-30758
        Versions affected: WebKitGTK and WPE WebKit before 2.32.2.
        Credit to Christoph Guttandin of Media Codings.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A type confusion issue was addressed with improved state handling.
    CVE-2021-30761
        Versions affected: WebKitGTK and WPE WebKit before 2.26.0.
        Credit to an anonymous researcher.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A memory corruption issue was addressed with improved state management.
    CVE-2021-30762
        Versions affected: WebKitGTK and WPE WebKit before 2.28.0.
        Credit to an anonymous researcher.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management.
    CVE-2021-30795
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to Sergei Glazunov of Google Project Zero.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management.
    CVE-2021-30797
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to Ivan Fratric of Google Project Zero.
        Impact: Processing maliciously crafted web content may lead to code execution. Description: This issue was addressed with improved checks.
    CVE-2021-30799
        Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
        Credit to Sergei Glazunov of Google Project Zero.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.


Please bump to 2.32.3.
Comment 3 NATTkA bot gentoo-dev 2021-07-23 15:32:20 UTC Comment hidden (obsolete)
Comment 4 Matt Turner gentoo-dev 2021-07-23 20:11:25 UTC 
2.32.3 in tree.
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-23 21:10:25 UTC 
Let us know when ready to stable, thanks!
Comment 6 Matt Turner gentoo-dev 2021-07-26 19:12:33 UTC 
Let's do it.
Comment 7 Agostino Sarubbo gentoo-dev 2021-07-28 06:42:16 UTC 
amd64 stable
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-28 16:43:46 UTC 
arm64 done
Comment 9 Agostino Sarubbo gentoo-dev 2021-07-30 15:18:02 UTC 
ppc64 stable
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-30 22:35:46 UTC 
x86 done
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-30 22:35:54 UTC 
arm done

all arches done
Comment 12 Larry the Git Cow gentoo-dev 2021-08-04 22:36:17 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=682fc608631b55c0247b14599b024a7b3aa8ef09

commit 682fc608631b55c0247b14599b024a7b3aa8ef09
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2021-08-04 22:34:01 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2021-08-04 22:36:04 +0000

    net-libs/webkit-gtk: Drop old versions
    
    Bug: https://bugs.gentoo.org/801400
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                       |   2 -
 ...e-CompletionHandler-when-USE_OPENGL_OR_ES.patch |  36 ---
 net-libs/webkit-gtk/webkit-gtk-2.32.1.ebuild       | 301 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.32.2.ebuild       | 300 --------------------
 4 files changed, 639 deletions(-)
Comment 13 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-06 22:01:21 UTC 
Thanks Matt!
Comment 14 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-07 00:10:18 UTC 
GLSA request filed.
Comment 15 NATTkA bot gentoo-dev 2021-10-09 10:20:35 UTC 
Unable to check for sanity:

> no match for package: net-libs/webkit-gtk-2.32.3
Comment 16 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-01 03:39:31 UTC 
commit d2418b0a913a694a55e21440268b44301931867c
Author: John Helmert III <ajak@gentoo.org>
Date:   Mon Jan 31 21:31:04 2022 -0600

    [ GLSA 202202-01 ] WebkitGTK+: Multiple vulnerabilities

    Signed-off-by: John Helmert III <ajak@gentoo.org>

All done!