Debian Security Advisory 4995-1

Debian Security Advisory 4995-1: Posted Oct 28, 2021; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4995-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.; tags | advisory, web, vulnerability; systems | linux, debian; advisories | CVE-2021-30846, CVE-2021-30851, CVE-2021-42762; SHA-256 | 56293c36337dba30ef591ea81eef079c417077dc72af4c13f968613d883f56ca; Download | Favorite | View

Debian Security Advisory 4995-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4995-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
October 29, 2021                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2021-30846 CVE-2021-30851 CVE-2021-42762

The following vulnerabilities have been discovered in the webkit2gtk
web engine:

CVE-2021-30846

    Sergei Glazunov discovered that processing maliciously crafted web
    content may lead to arbitrary code execution

CVE-2021-30851

    Samuel Gross discovered that processing maliciously crafted web
    content may lead to code execution

CVE-2021-42762

    An anonymous reporter discovered a limited Bubblewrap sandbox
    bypass that allows a sandboxed process to trick host processes
    into thinking the sandboxed process is not confined.

For the oldstable distribution (buster), these problems have been fixed
in version 2.34.1-1~deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 2.34.1-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmF7IEEACgkQAAyEYu0C
2ALNKg/8C/g6IIYCcMULa5qLUYWiLfDdtyjSR6hDqR/UOhwrKvMainIIEoMTjhqQ
t3kLOdOk8xLfyWmfQ4hs541w8LNx89IrshFVRfpE4jRpgclsaZI4Qoh4xkQ4wyC2
exnG3AFdeLrd5V9Ej+az8uKheVcYS+XV6FMP1g2bgh7hlzF/A1H5Ld11ZAc/sYjd
3wfTOP0FLoBQ8TKBXNAuESXH5T6EivcjCkkEKLxGwMeiPyJtTGLYBDcCGUgLt9bK
rK4PadWMp2CheGQ0hNoXmdycdY2yaQf25gH8JuPJtuMjjdiBtOkMQFbQ7WZRy6fs
YUpkOdLglceD6wUgt6BJUCRE9Ayc4lW422rCSCLPGnVeYRhLJ59NqfVrEEpMks+B
0G9ALAX6cmbJjhqmX3oDm2/AYnLqyrjV25G7g7DXEBgNkYULc+ZCkTvDuFRTS+Ew
fj9V5QxMOTRiAn/pI0fWABzwpSbcFBK0c/gAXL0sJjPVZ433eB68qFjn/oLbmXr9
t+I9Y/a/ePAYC8eFaJ0PY5AoPHPzKALglO1EKiKb3VJuWtrNNzWCUZlS7vr1rcAp
QJDbf37Pz8oSQ64ebwqWAkwzqmR9ri9vxvoFu0q7WK7gTVNwEA9w00zcJyt0pNwe
W40R4DPXmTeDybCNzkAZaAMipomr94f0pizrNW0hNiUohp/jB68=
=yfUq
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 291 files
Ubuntu 63 files
LiquidWorm 29 files
indoushka 20 files
Debian 19 files
Apple 10 files
Google Security Research 7 files
Chokri Hammedi 3 files
Jann Horn 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,154)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,795)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,227)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,962)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 4995-1

Debian Security Advisory 4995-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4995-1

Share This

Debian Security Advisory 4995-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems