Bug 1191937 (CVE-2021-42762)

Summary: VUL-0: CVE-2021-42762: webkit2gtk3: BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined
Product: [Novell Products] SUSE Security Incidents Reporter: Carlos López <carlos.lopez>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: gabriele.sonnu, mgorse, os.gnome.maintainers, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/313202/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Carlos López 2021-10-22 06:45:17 UTC
CVE-2021-42762

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a
limited sandbox bypass that allows a sandboxed process to trick host processes
into thinking the sandboxed process is not confined by the sandbox, by abusing
VFS syscalls that manipulate its filesystem namespace. The impact is limited to
host services that create UNIX sockets that WebKit mounts inside its sandbox,
and the sandboxed process remains otherwise confined. NOTE: this is similar to
CVE-2021-41133.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762
https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42762
https://bugs.webkit.org/show_bug.cgi?id=231479
Comment 1 Carlos López 2021-10-22 06:48:35 UTC
Affected code streams:
 - SUSE:SLE-12-SP2:Update
 - SUSE:SLE-15:Update      
 - SUSE:SLE-15-SP2:Update

Upstream patch:
https://bugs.webkit.org/attachment.cgi?id=440804&action=diff
Comment 3 Swamp Workflow Management 2021-11-03 17:24:12 UTC
SUSE-SU-2021:3603-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1191937
CVE References: CVE-2021-42762
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    webkit2gtk3-2.32.4-15.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    webkit2gtk3-2.32.4-15.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    webkit2gtk3-2.32.4-15.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    webkit2gtk3-2.32.4-15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2021-11-03 17:25:23 UTC
openSUSE-SU-2021:3603-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1191937
CVE References: CVE-2021-42762
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    webkit2gtk3-2.32.4-15.1
Comment 5 Swamp Workflow Management 2021-11-06 05:19:23 UTC
openSUSE-SU-2021:1454-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1191937
CVE References: CVE-2021-42762
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    webkit2gtk3-2.32.4-lp152.2.22.1
Comment 9 Swamp Workflow Management 2021-11-23 20:25:38 UTC
SUSE-SU-2021:3768-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1191937
CVE References: CVE-2021-42762
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    webkit2gtk3-2.32.4-2.74.5
SUSE OpenStack Cloud Crowbar 8 (src):    webkit2gtk3-2.32.4-2.74.5
SUSE OpenStack Cloud 9 (src):    webkit2gtk3-2.32.4-2.74.5
SUSE OpenStack Cloud 8 (src):    webkit2gtk3-2.32.4-2.74.5
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    webkit2gtk3-2.32.4-2.74.5
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    webkit2gtk3-2.32.4-2.74.5
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    webkit2gtk3-2.32.4-2.74.5
SUSE Linux Enterprise Server 12-SP5 (src):    webkit2gtk3-2.32.4-2.74.5
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    webkit2gtk3-2.32.4-2.74.5
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    webkit2gtk3-2.32.4-2.74.5
SUSE Linux Enterprise Server 12-SP3-BCL (src):    webkit2gtk3-2.32.4-2.74.5
SUSE Linux Enterprise Server 12-SP2-BCL (src):    webkit2gtk3-2.32.4-2.74.5
HPE Helion Openstack 8 (src):    webkit2gtk3-2.32.4-2.74.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2021-11-23 20:27:07 UTC
SUSE-SU-2021:3769-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1191937,1192063
CVE References: CVE-2021-30846,CVE-2021-30851,CVE-2021-42762
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise Server for SAP 15 (src):    webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise Server 15-LTSS (src):    webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    webkit2gtk3-2.34.1-3.87.1
SUSE Enterprise Storage 6 (src):    webkit2gtk3-2.34.1-3.87.1
SUSE CaaS Platform 4.0 (src):    webkit2gtk3-2.34.1-3.87.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Gabriele Sonnu 2022-04-11 08:12:32 UTC
Done.