Opened 2 years ago

Closed 2 years ago

#16014 closed enhancement (fixed)

webkitgtk-2.34.5

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: high
Milestone: 11.1
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New security release

Change History (7)

comment:1 by Douglas R. Reno, 2 years ago

What's new in the WebKitGTK 2.34.4 release?
===========================================

  - Fix several crashes and rendering issues.

comment:2 by Douglas R. Reno, 2 years ago


------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory                 WSA-2022-0001
------------------------------------------------------------------------

Date reported           : January 21, 2022
Advisory ID             : WSA-2022-0001
WebKitGTK Advisory URL  : https://webkitgtk.org/security/WSA-2022-0001.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2022-0001.html
CVE identifiers         : CVE-2021-30934, CVE-2021-30936,
                          CVE-2021-30951, CVE-2021-30952,
                          CVE-2021-30953, CVE-2021-30954,
                          CVE-2021-30984, CVE-2022-XXXXX,
                          CVE-2021-45481, CVE-2021-45482,
                          CVE-2021-45483.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2021-30934
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Credit to Dani Biro.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A buffer overflow issue was
    addressed with improved memory handling.

CVE-2021-30936
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Credit to Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher
    lab.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A use after free issue was
    addressed with improved memory management.

CVE-2021-30951
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Credit to Pangu.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A use after free issue was
    addressed with improved memory management.

CVE-2021-30952
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Credit to WeBin.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: An integer overflow was
    addressed with improved input validation.

CVE-2021-30953
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Credit to VRIJ.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: An out-of-bounds read was
    addressed with improved bounds checking.

CVE-2021-30954
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Credit to Kunlun Lab.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A type confusion issue was
    addressed with improved memory handling.

CVE-2021-30984
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Credit to Kunlun Lab.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A race condition was
    addressed with improved state handling.

CVE-2022-XXXXX
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Credit to Martin Bajanik from fingerprintjs.com.
    Impact: A malicious website may exfiltrate data cross-origin.
    Description: A cross-origin issue existed with the IndexedDB. This
    was addressed with improved checking of security origins. 
    Notes: There is a public PoC demonstrating this issue at
    https://safarileaks.com so this issue may have been actively
    exploited. We still don't know the CVE number that will be assigned
    to this issue. We will update this advisory once we know it.

CVE-2021-45481
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab.
    Processing maliciously crafted web content may cause an application
    crash due to an incorrect memory allocation in
    WebCore::ImageBufferCairoImageSurfaceBackend::create

CVE-2021-45482
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Credit to Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab.
    Processing maliciously crafted web content may cause a memory
    corruption issue (use-after-free) in WebCore::ContainerNode::firstChild

CVE-2021-45483
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab.
    Processing maliciously crafted web content may cause a memory
    corruption issue (heap-use-after-free) in WebCore::Frame::page


We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.

Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK and WPE WebKit team,
January 21, 2022

In here, there are 8 arbitrary (technically remote) code execution vulnerabilities, a cross-origin data exfiltration bug that is being actively exploited, and 3 memory corruption/allocation vulnerabilities.

comment:3 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:4 by Xi Ruoyao, 2 years ago

Summary: webkitgtk-2.34.4 → webkitgtk-2.34.5

Now 2.34.5.

  - Improve VP8 codec selection when using GStreamer 1.20.
  - Fix connecting to the accessibility bus when using the Bubblewrap sandbox.
  - Fix links being incorrectly activated when starting a pinch zoom gesture.
  - Fix touch-based scrolling.
  - Fix the build with recent toolchains based on GCC 12 and on older ones as included e.g. in Ubuntu 18.04.
  - Fix the build with ICU 60, version 61 is no longer required.
  - Fix several crashes and rendering issues.

comment:5 by Douglas R. Reno, 2 years ago

Time to tack some additional CVEs into the list


------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory                 WSA-2022-0002
------------------------------------------------------------------------

Date reported           : February 09, 2022
Advisory ID             : WSA-2022-0002
WebKitGTK Advisory URL  : https://webkitgtk.org/security/WSA-2022-0002.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2022-0002.html
CVE identifiers         : CVE-2022-22589, CVE-2022-22590,
                          CVE-2022-22592.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2022-22589
    Versions affected: WebKitGTK and WPE WebKit before 2.34.5.
    Credit to Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of
    Palo Alto Networks (paloaltonetworks.com).
    Impact: Processing a maliciously crafted mail message may lead to
    running arbitrary javascript. Description: A validation issue was
    addressed with improved input sanitization.

CVE-2022-22590
    Versions affected: WebKitGTK and WPE WebKit before 2.34.5.
    Credit to Toan Pham from Team Orca of Sea Security
    (security.sea.com).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A use after free issue was
    addressed with improved memory management.

CVE-2022-22592
    Versions affected: WebKitGTK and WPE WebKit before 2.34.5.
    Credit to Prakash (@1lastBr3ath).
    Impact: Processing maliciously crafted web content may prevent
    Content Security Policy from being enforced. Description: A logic
    issue was addressed with improved state management.


We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.

Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK and WPE WebKit team,
February 09, 2022

Also good to know that Gstreamer issues were fixed with this. I should be able to get around to all of this stuff soon.
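The two advisories quoted in this ticket use the same "Versions affected: ... before X.Y.Z." line per CVE, which is what a packager needs to decide whether a given installed webkitgtk still carries any of the listed issues. The following is an added example, not part of the ticket or of the WebKitGTK project: it parses that line format from an excerpt copied from the advisories above and reports which CVEs remain unfixed for an installed version (the excerpt and the version strings are the only inputs; everything else is assumed).

```python
import re

# Excerpt copied from the WSA-2022-0001 and WSA-2022-0002 entries quoted above
# (trimmed to the fields this example uses).
ADVISORY_TEXT = """
CVE-2021-30934
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution.

CVE-2021-45482
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Processing maliciously crafted web content may cause a memory
    corruption issue (use-after-free) in WebCore::ContainerNode::firstChild

CVE-2022-22592
    Versions affected: WebKitGTK and WPE WebKit before 2.34.5.
    Impact: Processing maliciously crafted web content may prevent
    Content Security Policy from being enforced.
"""

# One CVE header line followed by its "Versions affected ... before X.Y.Z." line.
# "X+" accepts placeholders such as CVE-2022-XXXXX that the first advisory uses.
ENTRY_RE = re.compile(
    r"^(CVE-\d{4}-(?:\d+|X+))\n\s+Versions affected:.*?before (\d+(?:\.\d+)*)\.",
    re.MULTILINE,
)


def parse_version(s):
    """'2.34.4' -> (2, 34, 4); tuples compare component-wise, unlike strings."""
    return tuple(int(part) for part in s.split("."))


def parse_advisory(text):
    """Map each CVE id in the advisory text to the first fixed version."""
    return {cve: parse_version(ver) for cve, ver in ENTRY_RE.findall(text)}


def unfixed_cves(advisory, installed):
    """CVEs whose fix landed in a version newer than the one installed."""
    current = parse_version(installed)
    return sorted(cve for cve, fixed in advisory.items() if current < fixed)


if __name__ == "__main__":
    entries = parse_advisory(ADVISORY_TEXT)
    for version in ("2.32.3", "2.34.4", "2.34.5"):
        print(version, "still affected by:", unfixed_cves(entries, version) or "nothing")
```

With the excerpt above, 2.34.4 (the version this ticket originally targeted) is still affected by CVE-2022-22592, which is why the ticket was retitled to 2.34.5.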

comment:6 by Xi Ruoyao, 2 years ago

I now have ffmpeg-5.0 + gst-libav-1.20.0 + webkitgtk-2.34.5 + epiphany-41.3 and I can play 4K videos on bilibili.com.

comment:7 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assigned → closed

Fixed at 885bcd416dc03428a27908b61a4b92382e5fdcf1

Security Advisory coming later tonight with the other two security updates I have
