Gentoo Archives: gentoo-announce

From: John Helmert III <ajak@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202202-01 ] WebkitGTK+: Multiple vulnerabilities
Date: Tue, 01 Feb 2022 03:36:48
Message-Id: YfiqULcxnBvccxVz@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                        GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                        https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739
ID: 202202-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk        < 2.34.4                    >= 2.34.4

Description
===========

Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

An attacker, by enticing a user to visit maliciously crafted web
content, may be able to execute arbitrary code, violate iframe
sandboxing policy, access restricted ports on arbitrary servers, cause
memory corruption, or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebkitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"

References
==========

[ 1 ] CVE-2021-30848
      https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
      https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
      https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
      https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
      https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
      https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
      https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
      https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
      https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
      https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
      https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
      https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
      https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
      https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
      https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
      https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
      https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
      https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
      https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
      https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
      https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
      https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
      https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
      https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
      https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
      https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
      https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
      https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
      https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
      https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
      https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
      https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
      https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
      https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
      https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
      https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
      https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
      https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
      https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
      https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
      https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
      https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
      https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
      https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
      https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
      https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
      https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
      https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
      https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
      https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
      https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
      https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
      https://nvd.nist.gov/vuln/detail/CVE-2021-30818

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202202-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature