FEDORA-2020-e8a7566e80

GLSA-202012-10

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1195

This update for webkit2gtk3 fixes the following issues :

-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :

  - CVE-2021-13543: Fixed a use after free which could have     led to arbitrary code execution.

  - CVE-2021-13584: Fixed a use after free which could have     led to arbitrary code execution.

  - CVE-2021-9948: Fixed a type confusion which could have     led to arbitrary code execution.

  - CVE-2021-9951: Fixed a use after free which could have     led to arbitrary code execution.

  - CVE-2021-9983: Fixed an out of bounds write which could     have led to arbitrary code execution.

  - Have the libwebkit2gtk package require     libjavascriptcoregtk of the same version (bsc#1171531).

  - Enable c_loop on aarch64: currently needed for     compilation to succeed with JIT disabled. Also disable     sampling profiler, since it conflicts with c_loop     (bsc#1177087).

This update was imported from the SUSE:SLE-15:Update update project.

This update for webkit2gtk3 fixes the following issues :

-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :

  - CVE-2021-13543: Fixed a use after free which could have     led to arbitrary code execution.

  - CVE-2021-13584: Fixed a use after free which could have     led to arbitrary code execution.

  - CVE-2021-9948: Fixed a type confusion which could have     led to arbitrary code execution.

  - CVE-2021-9951: Fixed a use after free which could have     led to arbitrary code execution.

  - CVE-2021-9983: Fixed an out of bounds write which could     have led to arbitrary code execution.

  - Have the libwebkit2gtk package require     libjavascriptcoregtk of the same version (bsc#1171531).

  - Enable c_loop on aarch64: currently needed for     compilation to succeed with JIT disabled. Also disable     sampling profiler, since it conflicts with c_loop     (bsc#1177087).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

The remote host is affected by the vulnerability described in GLSA-202012-10 (WebkitGTK+: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in WebKitGTK+. Please       review the CVE identifiers referenced below for details.
  Impact :

    An attacker, by enticing a user to visit maliciously crafted web       content, may be able to execute arbitrary code or cause memory       corruption.
  Workaround :

    There is no known workaround at this time.

This update for webkit2gtk3 fixes the following issues :

-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451) :

  - CVE-2021-13543: Fixed a use after free which could have     led to arbitrary code execution.

  - CVE-2021-13584: Fixed a use after free which could have     led to arbitrary code execution.

  - CVE-2021-9948: Fixed a type confusion which could have     led to arbitrary code execution.

  - CVE-2021-9951: Fixed a use after free which could have     led to arbitrary code execution.

  - CVE-2021-9983: Fixed an out of bounds write which could     have led to arbitrary code execution.

  - Have the libwebkit2gtk package require     libjavascriptcoregtk of the same version (bsc#1171531).

  - Enable c_loop on aarch64: currently needed for     compilation to succeed with JIT disabled. Also disable     sampling profiler, since it conflicts with c_loop     (bsc#1177087).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to WebKitGTK 2.30.3 :

  - Fix backdrop filters with rounded borders.

  - Fix scrolling iframes when async scrolling is enabled.

  - Allow applications to handle drag and drop on the web     view again.

  - Update Outlook user agent quirk.

  - Fix several crashes and rendering issues.

  - Security fixes: CVE-2020-9983, CVE-2020-13584

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The following vulnerabilities have been discovered in the webkit2gtk web engine :

  - CVE-2020-9948     Brendan Draper discovered that processing maliciously     crafted web content may lead to arbitrary code     execution.

  - CVE-2020-9951     Marcin Noga discovered that processing maliciously     crafted web content may lead to arbitrary code     execution.

  - CVE-2020-9983     zhunki discovered that processing maliciously crafted     web content may lead to code execution.

  - CVE-2020-13584     Cisco discovered that processing maliciously crafted web     content may lead to arbitrary code execution.

ID	Name	Product	Family	Severity
145374	openSUSE Security Update : webkit2gtk3 (openSUSE-2020-2304)	Nessus	SuSE Local Security Checks	medium
145331	openSUSE Security Update : webkit2gtk3 (openSUSE-2020-2310)	Nessus	SuSE Local Security Checks	medium
144597	GLSA-202012-10 : WebkitGTK+: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
144432	SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:3867-1)	Nessus	SuSE Local Security Checks	medium
144427	SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:3864-1)	Nessus	SuSE Local Security Checks	medium
143453	Fedora 32 : webkit2gtk3 (2020-e8a7566e80)	Nessus	Fedora Local Security Checks	medium
143291	Fedora 33 : webkit2gtk3 (2020-145877bcd3)	Nessus	Fedora Local Security Checks	medium
143260	Debian DSA-4797-1 : webkit2gtk - security update	Nessus	Debian Local Security Checks	medium

CVE-2020-13584

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium