SB2022020101 - Gentoo update for WebkitGTK+
Published: February 1, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 50 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2021-1788)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Buffer overflow (CVE-ID: CVE-2021-1817)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Improper Initialization (CVE-ID: CVE-2021-1820)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper memory initialization in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and disclose contents of process memory.
4) Universal cross-site scripting (CVE-ID: CVE-2021-1825)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
5) Universal cross-site scripting (CVE-ID: CVE-2021-1826)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Buffer overflow (CVE-ID: CVE-2021-1844)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Business Logic Errors (CVE-ID: CVE-2021-1871)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.
Note: The vulnerability is being actively exploited in the wild.
8) Use-after-free (CVE-ID: CVE-2021-21775)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Use-after-free (CVE-ID: CVE-2021-21779)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
10) Use-after-free (CVE-ID: CVE-2021-21806)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Use-after-free (CVE-ID: CVE-2021-30661)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
12) Integer overflow (CVE-ID: CVE-2021-30663)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
13) Buffer overflow (CVE-ID: CVE-2021-30665)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
14) Buffer overflow (CVE-ID: CVE-2021-30666)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
15) Information disclosure (CVE-ID: CVE-2021-30682)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in webKit. A remote attacker can gain unauthorized access to sensitive user information.
16) Universal cross-site scripting (CVE-ID: CVE-2021-30689)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
17) Security features bypass (CVE-ID: CVE-2021-30720)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in WebKit due to the way the component handles links to internal resources. A remote attacker can create a specially crafted web page and trick the application to connect to arbitrary internal addresses.
18) Buffer overflow (CVE-ID: CVE-2021-30734)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Universal cross-site scripting (CVE-ID: CVE-2021-30744)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
20) Buffer overflow (CVE-ID: CVE-2021-30749)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the KeyframeEffect class in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Type Confusion (CVE-ID: CVE-2021-30758)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) Buffer overflow (CVE-ID: CVE-2021-30761)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
23) Use-after-free (CVE-ID: CVE-2021-30762)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
24) Use-after-free (CVE-ID: CVE-2021-30795)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
25) Input validation error (CVE-ID: CVE-2021-30797)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in WebKit. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.
26) Buffer overflow (CVE-ID: CVE-2021-30799)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Use-after-free (CVE-ID: CVE-2021-30809)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
28) Type Confusion (CVE-ID: CVE-2021-30818)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2021-30823)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists in WebKit. A remote attacker can bypass HSTS and perform MitM attack.
30) Out-of-bounds read (CVE-ID: CVE-2021-30836)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
31) Memory corruption (CVE-ID: CVE-2021-30846)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) Memory corruption (CVE-ID: CVE-2021-30848)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
33) Memory corruption (CVE-ID: CVE-2021-30849)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
34) Memory corruption (CVE-ID: CVE-2021-30851)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Use-after-free (CVE-ID: CVE-2021-30858)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in-the-wild.
36) Information disclosure (CVE-ID: CVE-2021-30884)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the WebKit component when processing CSS files. A remote attacker can trick the victim to open a specially crafted website and obtain user's browsing history.
37) Security restrictions bypass (CVE-ID: CVE-2021-30887)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due an error within the WebKit component. A remote attacker can trick the victim to open a specially crafted website and bypass Content Security Policy restrictions.
38) Information disclosure (CVE-ID: CVE-2021-30888)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in WebKit. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior.
39) Buffer overflow (CVE-ID: CVE-2021-30889)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
40) Universal Cross-site scripting (CVE-ID: CVE-2021-30890)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in WebKLit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
41) Information disclosure (CVE-ID: CVE-2021-30897)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the WebKit specification for the resource timing API. A remote attacker can exfiltrate cross-origin data, if the victim visits a specially crafted website.
42) Buffer overflow (CVE-ID: CVE-2021-30934)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
43) Use-after-free (CVE-ID: CVE-2021-30936)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebKit when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
44) Use-after-free (CVE-ID: CVE-2021-30951)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebKit when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
45) Integer overflow (CVE-ID: CVE-2021-30952)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
46) Out-of-bounds read (CVE-ID: CVE-2021-30953)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it using the affected software, trigger out-of-bounds read error and execute arbitrary code on the target system.
47) Type Confusion (CVE-ID: CVE-2021-30954)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
48) Race condition (CVE-ID: CVE-2021-30984)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in WebKit. A local user can trick the victim to visit a specially crafted website, trigger a race condition and execute arbitrary code on the system.
49) Security restrictions bypass (CVE-ID: CVE-2021-42762)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists in BubblewrapLauncher.cpp due to application allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox. A local user can abuse the VFS syscalls that manipulate its filesystem namespace and bypass implemented security restrictions. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined.
50) Use-after-free (CVE-ID: CVE-2021-45482)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when in WebCore::ContainerNode::firstChild. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install update from vendor's website.