• [SECURITY] [DSA 4877-1] webkit2gtk security update

    From Salvatore Bonaccorso@21:1/5 to All on Sat Mar 27 07:50:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4877-1 security@debian.org https://www.debian.org/security/ Alberto Garcia
    March 27, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : webkit2gtk
    CVE ID : CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789
    CVE-2021-1799 CVE-2021-1801 CVE-2021-1870

    The following vulnerabilities have been discovered in the webkit2gtk
    web engine:

    CVE-2020-27918

    Liu Long discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

    CVE-2020-29623

    Simon Hunt discovered that users may be unable to fully delete
    their browsing history under some circumstances.

    CVE-2021-1765

    Eliya Stein discovered that maliciously crafted web content may
    violate iframe sandboxing policy.

    CVE-2021-1789

    @S0rryMybad discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

    CVE-2021-1799

    Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a
    malicious website may be able to access restricted ports on
    arbitrary servers.

    CVE-2021-1801

    Eliya Stein discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

    CVE-2021-1870

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to arbitrary code execution.

    For the stable distribution (buster), these problems have been fixed in
    version 2.30.6-1~deb10u1.

    We recommend that you upgrade your webkit2gtk packages.

    For the detailed security status of webkit2gtk please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmBe0l1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S5hQ/8C2v1zUfBwSGNyQkeH/8SJ4P39FOtLS7uKAsBu24uFgQn0NJ2tITsGU+d MvPT813PYFND7RRjwch+KVhxfj1py0JzxeizGNJf8B5qocfCLJn/cGzrxIqurxVC eiwum9x49P9+kCBfiBBz3hTGiaVJa9HdgonauOhlxgVITYDqgE5Z5jTpKaM3lKQv qa9CIrP0zaGdOVwY9PUMRNCxJ1i90cKNePLaIE/a1R4p7pwa5sR069uu94PGahQx KDd8w0/3dFeQoQTALhvrkxdKCDgi4GWzCnB1KD2k4lZncPOrx0yGRx8H0lXO+MgN 6+0zg5EaG1bdk4aYoyYKTPIYPRVbJBpg9pisgJ+IL452P1F7zmaUq2vtSZMl7JIN xwzxuMKAR7letp+Ji7HRb34rex7ni0bIMndDs1sBjesUK1C9c2gRUtj2uhRStS9a 0sqmVjCqGxaXzsKL+5AqJY8VYbPCXvxhoNGHzGA6SdFv/bj8l6FOpsrFguNhpFJ4 6QdvgvFuRo2fYXsfRhosyLH4XXfyf4XZiDC4zX6Z1/Ata4mPJCgbS/aoewEIarm5 Nw426CdjAtefXdeRbRd/VRmZPNriolXlYI11VxhM9xpmw0Ag75jq+meNF3+wi9G0 6m8OoG+6FhUc4UcLv/OiSFHZgy3eTP6wIqa/6FG1gh7wta2+sXM=
    =IQ2D
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)