GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sat May 01, 2021 2:26 am Post subject: [ GLSA 202104-03 ] WebkitGTK+ |
 |
|
Gentoo Linux Security Advisory
Title: WebkitGTK+: Multiple vulnerabilities (GLSA 202104-03)
Severity: normal
Exploitable: local, remote
Date: 2021-04-30
Bug(s): #770793, #773193
ID: 202104-03
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst
of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected Packages
Package: net-libs/webkit-gtk
Vulnerable: < 2.30.6
Unaffected: >= 2.30.6
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
An attacker, by enticing a user to visit maliciously crafted web
content, may be able to execute arbitrary code, violate iframe sandboxing
policy, access restricted ports on arbitrary servers, cause memory
corruption, or could cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
|
References
CVE-2020-13558
CVE-2020-27918
CVE-2020-29623
CVE-2020-9947
CVE-2021-1765
CVE-2021-1789
CVE-2021-1799
CVE-2021-1801
CVE-2021-1870
WSA-2021-0001
WSA-2021-0002 |
|
News & Announcements
