Detections
Analytics
Debian DSA-4877-1 : webkit2gtk - security update
critical Nessus Plugin ID 148236
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
The following vulnerabilities have been discovered in the webkit2gtk web engine :- CVE-2020-27918 Liu Long discovered that processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2020-29623 Simon Hunt discovered that users may be unable to fully delete their browsing history under some circumstances.
- CVE-2021-1765 Eliya Stein discovered that maliciously crafted web content may violate iframe sandboxing policy.
- CVE-2021-1789 @S0rryMybad discovered that processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-1799 Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a malicious website may be able to access restricted ports on arbitrary servers.
- CVE-2021-1801 Eliya Stein discovered that processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-1870 An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Solution
Upgrade the webkit2gtk packages.For the stable distribution (buster), these problems have been fixed in version 2.30.6-1~deb10u1.
See Also
https://security-tracker.debian.org/tracker/CVE-2021-1799
https://security-tracker.debian.org/tracker/CVE-2021-1801
https://security-tracker.debian.org/tracker/CVE-2021-1870
https://security-tracker.debian.org/tracker/source-package/webkit2gtk
https://packages.debian.org/source/buster/webkit2gtk
https://www.debian.org/security/2021/dsa-4877
https://security-tracker.debian.org/tracker/CVE-2020-27918
https://security-tracker.debian.org/tracker/CVE-2020-29623
Plugin Details
Severity: Critical
ID: 148236
File Name: debian_DSA-4877.nasl
Version: 1.8
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 3/30/2021
Updated: 5/6/2022
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2021-1870
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:webkit2gtk, cpe:/o:debian:debian_linux:10.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/27/2021
Vulnerability Publication Date: 12/8/2020
CISA Known Exploited Vulnerability Due Dates: 11/17/2021, 5/25/2022
Reference Information
CVE: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870
DSA: 4877