Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#15306 closed enhancement (fixed)

WebKitGTK-2.32.3

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: high
Milestone: 11.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version

Change History (5)

comment:1 by Douglas R. Reno, 4 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

Couple more GNOME things.

comment:2 by Douglas R. Reno, 4 years ago

First, the normal release notes

What's new in the WebKitGTK 2.32.3 release?
===========================================

  - Properly set the cookies settings after a network process crash.
  - Fix accessibility tree after a cross site navigation with PSON enabled.
  - Ensure WebKitScriptWorld::window-object-cleared signal is always emitted.
  - Fix several crashes and rendering issues.

comment:3 by Douglas R. Reno, 4 years ago

Priority: normal → high

Now, let's talk Security.

CVE-2021-21775
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to Marcin Towalski of Cisco Talos.
    A use-after-free vulnerability exists in the way certain events are
    processed for ImageLoader objects of WebKit. A specially crafted web
    page can lead to a potential information leak and further memory
    corruption. In order to trigger the vulnerability, a victim must be
    tricked into visiting a malicious webpage.


CVE-2021-21779
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to Marcin Towalski of Cisco Talos.
    A use-after-free vulnerability exists in the way that WebKit
    GraphicsContext handles certain events. A specially crafted web page
    can lead to a potential information leak and further memory
    corruption. A victim must be tricked into visiting a malicious web
    page to trigger this vulnerability.


CVE-2021-30663
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: An integer overflow was
    addressed with improved input validation.

CVE-2021-30665
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Apple is aware of a report that this issue
    may have been actively exploited. Description: A memory corruption
    issue was addressed with improved state management.

CVE-2021-30689
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting. Description: A logic issue was
    addressed with improved state management.

CVE-2021-30720
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to David Schütz (@xdavidhu).
    Impact: A malicious website may be able to access restricted ports
    on arbitrary servers. Description: A logic issue was addressed with
    improved restrictions.

CVE-2021-30734
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to Jack Dates of RET2 Systems, Inc. (@ret2systems) working
    with Trend Micro Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2021-30744
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to Dan Hite of jsontop.
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting. Description: A cross-origin issue
    with iframe elements was addressed with improved tracking of
    security origins.

CVE-2021-30749
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to an anonymous researcher and mipu94 of SEFCOM lab, ASU,
    working with Trend Micro Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2021-30795
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to Sergei Glazunov of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A use after free issue was
    addressed with improved memory management.

CVE-2021-30797
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to Ivan Fratric of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to code
    execution. Description: This issue was addressed with improved
    checks.

CVE-2021-30799
    Versions affected: WebKitGTK and WPE WebKit before 2.32.3.
    Credit to Sergei Glazunov of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

Here is a quick count:

Arbitrary Code Execution: 6

Cross Site Scripting: 2

Information Leak: 2

Port Scanning: 1

At least one of these is being actively exploited in the wild. Because of this, I am marking this as High.

comment:4 by Douglas R. Reno, 4 years ago

Resolution: fixed
Status: assigned → closed

comment:5 by Bruce Dubbs, 4 years ago

Milestone: 10.2 → 11.0

Milestone renamed
