var-202108-1269
Vulnerability from variot
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30952) An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792) Multiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1269", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "8.3" }, { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "15.2" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "15.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.1" }, { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "15.2" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "15.2" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "macos", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "12.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-30954" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.1", "versionStartIncluding": "12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-30954" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "165358" }, { "db": "PACKETSTORM", "id": "165359" }, { "db": "PACKETSTORM", "id": "165360" } ], "trust": 0.3 }, "cve": "CVE-2021-30954", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-390687", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2021-30954", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-30954", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202108-2055", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-390687", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-30954", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-390687" }, { "db": "VULMON", "id": "CVE-2021-30954" }, { "db": "NVD", "id": "CVE-2021-30954" }, { "db": "CNNVD", "id": "CNNVD-202108-2055" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30952)\nAn out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792)\nMultiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages", "sources": [ { "db": "NVD", "id": "CVE-2021-30954" }, { "db": "VULHUB", "id": "VHN-390687" }, { "db": "VULMON", "id": "CVE-2021-30954" }, { "db": "PACKETSTORM", "id": "165358" }, { "db": "PACKETSTORM", "id": "165359" }, { "db": "PACKETSTORM", "id": "165360" }, { "db": "PACKETSTORM", "id": "165794" }, { "db": "PACKETSTORM", "id": "167037" }, { "db": "PACKETSTORM", "id": "169186" }, { "db": "PACKETSTORM", "id": "169195" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-30954", "trust": 2.5 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2022/01/21/2", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "167037", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165360", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022012631", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121510", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121434", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022051140", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012301", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0371", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0899", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4260", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0405", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202108-2055", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165359", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165358", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-390687", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-30954", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165794", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169186", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169195", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390687" }, { "db": "VULMON", "id": "CVE-2021-30954" }, { "db": "PACKETSTORM", "id": "165358" }, { "db": "PACKETSTORM", "id": "165359" }, { "db": "PACKETSTORM", "id": "165360" }, { "db": "PACKETSTORM", "id": "165794" }, { "db": "PACKETSTORM", "id": "167037" }, { "db": "PACKETSTORM", "id": "169186" }, { "db": "PACKETSTORM", "id": "169195" }, { "db": "NVD", "id": "CVE-2021-30954" }, { "db": "CNNVD", "id": "CNNVD-202108-2055" } ] }, "id": "VAR-202108-1269", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-390687" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:15:56.390000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple tvOS Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175815" }, { "title": "Red Hat: CVE-2021-30954", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-30954" }, { "title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f" }, { "title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d" }, { "title": "Amazon Linux 2: ALAS2-2023-2088", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2023-2088" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-30954" }, { "db": "CNNVD", "id": "CNNVD-202108-2055" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-843", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390687" }, { "db": "NVD", "id": "CVE-2021-30954" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://support.apple.com/en-us/ht212976" }, { "trust": 2.4, "url": "https://support.apple.com/en-us/ht212982" }, { "trust": 1.9, "url": "https://www.debian.org/security/2022/dsa-5060" }, { "trust": 1.8, "url": "https://www.debian.org/security/2022/dsa-5061" }, { "trust": 1.8, "url": "https://support.apple.com/en-us/ht212975" }, { "trust": 1.8, "url": "https://support.apple.com/en-us/ht212978" }, { "trust": 1.8, "url": "https://support.apple.com/en-us/ht212980" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2022/01/21/2" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-30954" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0371" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121510" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-37345" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051140" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4260" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0405" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121434" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0899" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165360/apple-security-advisory-2021-12-15-7.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012301" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012631" }, { "trust": 0.3, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.3, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836" }, { "trust": 0.2, "url": "https://www.debian.org/security/faq" }, { "trust": 0.2, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/843.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995" }, { "trust": 0.1, "url": "https://support.apple.com/ht212980." }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht204641" }, { "trust": 0.1, "url": "https://support.apple.com/ht212975." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964" }, { "trust": 0.1, "url": "https://support.apple.com/ht212982." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2021-0005.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/202202-01" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2021-0004.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2021-0006.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22592" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22637" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30809" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30846" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30890" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1777" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22620" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30952" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30936" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30851" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30848" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30934" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-45483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30849" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-45481" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30818" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-45482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30951" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22589" }, { "trust": 0.1, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30984" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22590" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30884" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/webkit2gtk" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/wpewebkit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-390687" }, { "db": "VULMON", "id": "CVE-2021-30954" }, { "db": "PACKETSTORM", "id": "165358" }, { "db": "PACKETSTORM", "id": "165359" }, { "db": "PACKETSTORM", "id": "165360" }, { "db": "PACKETSTORM", "id": "165794" }, { "db": "PACKETSTORM", "id": "167037" }, { "db": "PACKETSTORM", "id": "169186" }, { "db": "PACKETSTORM", "id": "169195" }, { "db": "NVD", "id": "CVE-2021-30954" }, { "db": "CNNVD", "id": "CNNVD-202108-2055" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-390687" }, { "db": "VULMON", "id": "CVE-2021-30954" }, { "db": "PACKETSTORM", "id": "165358" }, { "db": "PACKETSTORM", "id": "165359" }, { "db": "PACKETSTORM", "id": "165360" }, { "db": "PACKETSTORM", "id": "165794" }, { "db": "PACKETSTORM", "id": "167037" }, { "db": "PACKETSTORM", "id": "169186" }, { "db": "PACKETSTORM", "id": "169195" }, { "db": "NVD", "id": "CVE-2021-30954" }, { "db": "CNNVD", "id": "CNNVD-202108-2055" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-24T00:00:00", "db": "VULHUB", "id": "VHN-390687" }, { "date": "2021-08-24T00:00:00", "db": "VULMON", "id": "CVE-2021-30954" }, { "date": "2021-12-17T19:19:55", "db": "PACKETSTORM", "id": "165358" }, { "date": "2021-12-17T19:20:06", "db": "PACKETSTORM", "id": "165359" }, { "date": "2021-12-17T19:23:27", "db": "PACKETSTORM", "id": "165360" }, { "date": "2022-02-01T17:03:05", "db": "PACKETSTORM", "id": "165794" }, { "date": "2022-05-11T15:50:41", "db": "PACKETSTORM", "id": "167037" }, { "date": "2022-01-28T20:12:00", "db": "PACKETSTORM", "id": "169186" }, { "date": "2022-01-28T20:12:00", "db": "PACKETSTORM", "id": "169195" }, { "date": "2021-08-24T19:15:21.860000", "db": "NVD", "id": "CVE-2021-30954" }, { "date": "2021-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-2055" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-25T00:00:00", "db": "VULHUB", "id": "VHN-390687" }, { "date": "2022-02-25T00:00:00", "db": "VULMON", "id": "CVE-2021-30954" }, { "date": "2023-11-07T03:34:02", "db": "NVD", "id": "CVE-2021-30954" }, { "date": "2022-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-2055" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-2055" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple tvOS Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-2055" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-2055" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.