Debian Security Advisory 4996-1

Debian Security Advisory 4996-1: Posted Oct 28, 2021; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4996-1 - The following vulnerabilities have been discovered in the wpewebkit web engine.; tags | advisory, web, vulnerability; systems | linux, debian; advisories | CVE-2021-30846, CVE-2021-30851, CVE-2021-42762; SHA-256 | bb243531bc6a39ae06f45f1996bcbea68d212382918c06fb0306d81fafe45a44; Download | Favorite | View

Debian Security Advisory 4996-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4996-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
October 29, 2021                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wpewebkit
CVE ID         : CVE-2021-30846 CVE-2021-30851 CVE-2021-42762

The following vulnerabilities have been discovered in the wpewebkit
web engine:

CVE-2021-30846

    Sergei Glazunov discovered that processing maliciously crafted web
    content may lead to arbitrary code execution

CVE-2021-30851

    Samuel Gross discovered that processing maliciously crafted web
    content may lead to code execution

CVE-2021-42762

    An anonymous reporter discovered a limited Bubblewrap sandbox
    bypass that allows a sandboxed process to trick host processes
    into thinking the sandboxed process is not confined.

For the stable distribution (bullseye), these problems have been fixed in
version 2.34.1-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpewebkit

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmF7IFIACgkQAAyEYu0C
2AIzsQ/+Mk/nRYF/q8i9u6EpR3y/iYfx67rKCFRMkXVzthBfTPMmC6NR1rVHGhjI
N6ruqermXxZ2EzQCZ/5xMPxGIREONX7m6F1YFqPX50IByw4Mb9vmvci4TQyuHfYO
EYQomeP3mLQKyOjyJwB+RhmYrZx+wqU3A0p0kD8pETswfNe6R0hA4itGzBqFhXcS
znBV+6aj2MCO88ohacE2sw0T4ttE9AUu7u5tDKE4KOM2tWHIQcio/p8XhSm2Ef0n
Ak6xrnvkpHQpKrD3EBscRuT36XxZrX5KmhzcXfcIoAvUrm+HLQsjz/N84rb4ykt4
Od7pWZRuUOL/A/1DcWAZyDWhO95+rMRHQiTVwU8DUh7sZBloIo66QdPxfjT4p01i
5vJ4nFeDqrRJ2mnfo4VxHDWlkJ/vkGjXEo6WKnY7bw+bO522yRAzBaZxXE896UeA
DA2qgR/IDeVejh/8OosM1yIaiLKQ5FeF9gPSEulF2m0RbZAVQR93VriRyZ9OSTaj
7AQ8kREW9ztMxtxV6c9bu6yJOVPbhlw0zNSV1kG5qdLj5fgffSiQEjvUcQfzqoVo
+dgZc1ATG4bKzDZqrzu9IliJodYhGlfieXAshfhuSR2DxG0++KTjnlOk24eTXt9H
POVkE0Saz56qb+T56WGjpfcVRbdx17BndcPj7GvHOL+rGs72KTc=
=URfn
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 291 files
Ubuntu 63 files
LiquidWorm 29 files
indoushka 20 files
Debian 19 files
Apple 10 files
Google Security Research 7 files
Chokri Hammedi 3 files
Jann Horn 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,154)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,795)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,227)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,962)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 4996-1

Debian Security Advisory 4996-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4996-1

Share This

Debian Security Advisory 4996-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems