- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202104-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: WebkitGTK+: Multiple vulnerabilities
      Date: April 30, 2021
      Bugs: #770793, #773193
        ID: 202104-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

     -------------------------------------------------------------------
      Package              /     Vulnerable     /            Unaffected
     -------------------------------------------------------------------
   1  net-libs/webkit-gtk          < 2.30.6                  >= 2.30.6

Description
===========

Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

An attacker, by enticing a user to visit maliciously crafted web
content, may be able to execute arbitrary code, violate iframe
sandboxing policy, access restricted ports on arbitrary servers, cause
memory corruption, or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebkitGTK+ users should upgrade to the latest version:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
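
To confirm which hosts still need the upgrade above, the following added example (not part of the GLSA) checks package atoms against the advisory's vulnerable range. It assumes an inventory of category/package-version lines such as `qlist -Iv` prints; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the GLSA. Flags net-libs/webkit-gtk versions that
# fall in the advisory's vulnerable range (< 2.30.6).
FIXED="2.30.6"   # first unaffected version, from the "Affected packages" table

# Succeeds (exit 0) when the given version is older than FIXED.
# Assumption: plain dotted versions with an optional Gentoo -rN revision;
# suffixes such as _rc or _p are not handled.
is_vulnerable() {
    v=${1%-r[0-9]*}                       # drop the ebuild revision, e.g. -r1
    [ "$v" = "$FIXED" ] && return 1       # exactly the fixed version
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]                  # older than FIXED sorts first
}

# Reads category/package-version atoms on stdin, one per line, and reports
# every net-libs/webkit-gtk entry; other packages are ignored.
audit_atoms() {
    while IFS= read -r atom; do
        case $atom in
            net-libs/webkit-gtk-[0-9]*) ver=${atom#net-libs/webkit-gtk-} ;;
            *) continue ;;
        esac
        if is_vulnerable "$ver"; then
            printf 'VULNERABLE %s\n' "$atom"
        else
            printf 'ok %s\n' "$atom"
        fi
    done
}

# Constructed sample inventory (not real host data).
audit_atoms <<'EOF'
net-libs/webkit-gtk-2.28.4
net-libs/webkit-gtk-2.30.6-r1
dev-libs/glib-2.66.8
EOF
```

On a Gentoo host itself, `glsa-check -t 202104-03` from app-portage/gentoolkit tests the installed system against this advisory directly.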

References
==========

[  1 ] CVE-2020-13558
        https://nvd.nist.gov/vuln/detail/CVE-2020-13558
[  2 ] CVE-2020-27918
        https://nvd.nist.gov/vuln/detail/CVE-2020-27918
[  3 ] CVE-2020-29623
        https://nvd.nist.gov/vuln/detail/CVE-2020-29623
[  4 ] CVE-2020-9947
        https://nvd.nist.gov/vuln/detail/CVE-2020-9947
[  5 ] CVE-2021-1765
        https://nvd.nist.gov/vuln/detail/CVE-2021-1765
[  6 ] CVE-2021-1789
        https://nvd.nist.gov/vuln/detail/CVE-2021-1789
[  7 ] CVE-2021-1799
        https://nvd.nist.gov/vuln/detail/CVE-2021-1799
[  8 ] CVE-2021-1801
        https://nvd.nist.gov/vuln/detail/CVE-2021-1801
[  9 ] CVE-2021-1870
        https://nvd.nist.gov/vuln/detail/CVE-2021-1870
[ 10 ] WSA-2021-0001
        https://webkitgtk.org/security/WSA-2021-0001.html
[ 11 ] WSA-2021-0002
        https://webkitgtk.org/security/WSA-2021-0002.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/202104-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
