Bug 820434 (CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897, WSA-2021-0006) - <net-libs/webkit-gtk-2.34.1: Multiple vulnerabilities
Summary: <net-libs/webkit-gtk-2.34.1: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897, WSA-2021-0006
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL:
Whiteboard: A2 [stable?]
Keywords:
Depends on: CVE-2021-30887, CVE-2021-30890 830597 819384 820437 820440 820443 822696
Blocks: CVE-2021-42762
Reported: 2021-10-27 03:51 UTC by Sam James
Modified: 2022-01-04 13:11 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester gentoo-dev Security 2021-10-27 03:51:38 UTC
Advisory ID: WSA-2021-0006

CVE identifiers: CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30858, CVE-2021-42762.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2021-30846
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Sergei Glazunov of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30848
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Credit to Sergei Glazunov of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to code execution. Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30849
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Credit to Sergei Glazunov of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2021-30851
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Samuel Groß of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to code execution. Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30858
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management.

CVE-2021-42762
    Versions affected: WebKitGTK and WPE WebKit before 2.34.1.
    Credit to an anonymous reporter.
    BubblewrapLauncher.cpp allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.
Comment 1 Sam James archtester gentoo-dev Security 2021-10-27 03:53:28 UTC
Note that CVE-2021-30858 was in bug 813489 and CVE-2021-42762 was in bug 819522.
Comment 2 John Helmert III gentoo-dev Security 2021-12-20 19:51:11 UTC
More from https://webkitgtk.org/security/WSA-2021-0007.html.

CVE-2021-30818
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Amar Menezes (@amarekano) of Zon8Research.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A type confusion issue was
    addressed with improved state handling.

CVE-2021-30823
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to David Gullasch of Recurity Labs.
    Impact: An attacker in a privileged network position may be able to
    bypass HSTS. Description: A logic issue was addressed with improved
    restrictions.

CVE-2021-30884
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to an anonymous researcher.
    Impact: Visiting a maliciously crafted website may reveal a user's
    browsing history. Description: The issue was resolved with
    additional restrictions on CSS compositing.

CVE-2021-30888
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Prakash (@1lastBr3ath).
    Impact: A malicious website using Content Security Policy reports
    may be able to leak information via redirect behavior. Description:
    An information leakage issue was addressed.

CVE-2021-30889
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher
    lab.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A buffer overflow issue was
    addressed with improved memory handling.

CVE-2021-30897
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to an anonymous researcher.
    Impact: A malicious website may exfiltrate data cross-origin.
    Description: An issue existed in the specification for the resource
    timing API. The specification was updated and the updated
    specification was implemented.
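What a maintainer wants from a list like this is a quick answer to which entries still apply to the webkit-gtk version actually installed. The following is an added example (not code from this bug, from Gentoo, or from WebKitGTK): it parses entries in the WSA layout quoted above, takes the "before X.Y.Z" version as the fix version, and reports the CVEs whose fix is newer than a given installed version. The embedded advisory text is a constructed, abbreviated sample built from the entries above, and the Gentoo `-rN` revision suffix is stripped before comparing, since a revision bump alone does not change the upstream code.

```python
import re

# Constructed sample in the layout of the WSA entries quoted in this bug
# (three entries, abbreviated); not the advisory text itself.
ADVISORY = """\
CVE-2021-30846
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-30848
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Impact: Processing maliciously crafted web content may lead to code execution.

CVE-2021-42762
    Versions affected: WebKitGTK and WPE WebKit before 2.34.1.
    Impact: Limited sandbox bypass via BubblewrapLauncher.cpp.
"""

# A CVE id alone on a line starts an entry; "before X.Y.Z" names the fixed version.
CVE_HEADER = re.compile(r"^(CVE-\d{4}-\d{4,})[ \t]*$", re.M)
FIXED_IN = re.compile(r"Versions affected:.*?\bbefore\s+(\d+(?:\.\d+)+)")


def parse_version(s):
    """'2.34.1-r1' -> (2, 34, 1); the Gentoo -rN revision is dropped on purpose."""
    s = re.sub(r"-r\d+$", "", s.strip())
    return tuple(int(p) for p in s.split("."))


def parse_advisory(text):
    """Map each CVE entry to the first upstream version that contains its fix."""
    parts = CVE_HEADER.split(text)  # [preamble, id1, body1, id2, body2, ...]
    entries = {}
    for cve, body in zip(parts[1::2], parts[2::2]):
        m = FIXED_IN.search(body)
        if m:  # entries without a "before" version are skipped, never guessed
            entries[cve] = parse_version(m.group(1))
    return entries


def applicable_cves(installed, entries):
    """CVEs whose fix landed after the installed version (sorted for stable output)."""
    have = parse_version(installed)
    return sorted(cve for cve, fixed in entries.items() if have < fixed)


if __name__ == "__main__":
    advisory = parse_advisory(ADVISORY)
    for ver in ("2.32.4", "2.34.0-r1", "2.34.1"):
        print(ver, "->", applicable_cves(ver, advisory) or "none")
```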