[gentoo-announce] [ GLSA 202202-01 ] WebkitGTK+: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                   security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: WebkitGTK+: Multiple vulnerabilities
     Date: February 01, 2022
     Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739
       ID: 202202-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk        < 2.34.4                     >= 2.34.4

Description
===========

Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.

Impact
======

An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code, violate iframe sandboxing policy, access restricted ports on arbitrary servers, cause memory corruption, or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebkitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
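
To confirm that no affected version remains installed after the upgrade, the following added example (not part of the advisory or of Gentoo's tooling) scans Portage's installed-package database and compares each net-libs/webkit-gtk entry against the fixed version 2.34.4 from the table above. It assumes the database lives at /var/db/pkg and that versions are plain dotted numbers with an optional -rN revision; the function names ver_lt and scan_vdb are hypothetical.

```shell
#!/bin/sh
# Added example: flag installed net-libs/webkit-gtk versions older than the
# first unaffected version listed in GLSA 202202-01.
FIXED="2.34.4"

# ver_lt A B: succeed if dotted numeric version A is lower than B.
# Missing components count as 0, so 2.34 compares as 2.34.0.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# scan_vdb [ROOT]: print one status line per installed webkit-gtk version.
# Returns 1 if any entry is vulnerable or cannot be parsed, 0 otherwise.
# ROOT defaults to /var/db/pkg (assumed location of the Portage database).
scan_vdb() {
    root=${1:-/var/db/pkg}; rc=0
    for d in "$root"/net-libs/webkit-gtk-[0-9]*; do
        [ -d "$d" ] || continue          # glob matched nothing
        pv=${d##*/webkit-gtk-}           # e.g. 2.34.3-r1
        v=${pv%-r[0-9]*}                 # drop the ebuild revision
        case $v in
            *[!0-9.]*|"")
                echo "UNKNOWN    $pv"; rc=1 ;;
            *)
                if ver_lt "$v" "$FIXED"; then
                    echo "VULNERABLE $pv"; rc=1
                else
                    echo "ok         $pv"
                fi ;;
        esac
    done
    return $rc
}

# Usage on a Gentoo host: scan_vdb /var/db/pkg
```

A non-zero return from scan_vdb means at least one installed copy still predates 2.34.4 and the emerge command above should be rerun.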

References
==========

[ 1 ] CVE-2021-30848 nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888 nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682 nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889 nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666 nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665 nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890 nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661 nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005 webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761 nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897 nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823 nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734 nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934 nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871 nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762 nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006 webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797 nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936 nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663 nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825 nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951 nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952 nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788 nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820 nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953 nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749 nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849 nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826 nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836 nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954 nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984 nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851 nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758 nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762 nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844 nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689 nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482 nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858 nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779 nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004 webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846 nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744 nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809 nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884 nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720 nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799 nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795 nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817 nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775 nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887 nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806 nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818 nvd.nist.gov/vuln/detail/CVE-2021-30818

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
security.gentoo.org/glsa/202202-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users’ machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
creativecommons.org/licenses/by-sa/2.5