MGASA-2021-0400

Source
https://advisories.mageia.org/MGASA-2021-0400.html
Import Source
https://advisories.mageia.org/MGASA-2021-0400.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2021-0400
Published
2021-08-14T14:00:09Z
Modified
2021-08-14T13:28:14Z
Summary
Updated webkit2 packages fix security vulnerabilities
Details

Updated webkit2 packages fix security vulnerabilities:

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of WebKit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage (CVE-2021-21775).

A use-after-free vulnerability exists in the way WebKit GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability (CVE-2021-21779).

Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30663, CVE-2021-30665, CVE-2021-30734, CVE-2021-30749, CVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799).

Processing maliciously crafted web content may lead to universal cross-site scripting (CVE-2021-30689, CVE-2021-30744).

A malicious website may be able to access restricted ports on arbitrary servers (CVE-2021-30720).

Affected packages

Mageia:8 / webkit2

Package

Name
webkit2
Purl
pkg:rpm/mageia/webkit2?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.32.3-1.mga8

Ecosystem specific

{
    "section": "core"
}