[ GLSA 202202-01 ] WebkitGTK+

[GLSA]

Gentoo Linux Security Advisory

Title: WebkitGTK+: Multiple vulnerabilities (GLSA 202202-01)
Severity: high
Exploitable: remote
Date: 2022-02-01
Bug(s): #779175, #801400, #813489, #819522, #820434, #829723, #831739
ID: 202202-01

Synopsis

Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.


Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration,
from hybrid HTML/CSS applications to full-fledged web browsers.


Affected Packages

Package: net-libs/webkit-gtk
Vulnerable: < 2.34.4
Unaffected: >= 2.34.4
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.


Impact

An attacker, by enticing a user to visit maliciously
crafted web content, may be able to execute arbitrary code, violate
iframe sandboxing policy, access restricted ports on arbitrary
servers, cause memory corruption, or could cause a Denial of Service
condition.

Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version: