Bugzilla – Bug 1192063
VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006
Last modified: 2022-04-11 07:48:57 UTC
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006
------------------------------------------------------------------------

Date reported : October 26, 2021
Advisory ID : WSA-2021-0006
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2021-0006.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2021-0006.html
CVE identifiers : CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2021-30846
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Sergei Glazunov of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
    Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30848
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Credit to Sergei Glazunov of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to code execution.
    Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30849
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Credit to Sergei Glazunov of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
    Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2021-30851
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Samuel Groß of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to code execution.
    Description: A memory corruption vulnerability was addressed with improved locking.

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.

The WebKitGTK and WPE WebKit team,
October 26, 2021
The advisory also lists CVE-2021-42762 (bnc#1191937) and CVE-2021-30858 (bnc#1190701), for which we already have opened bugs.
CVE-2021-30851 seems to be rejected. It should not matter for the version bump, though.
CVE-2021-30851 got re-populated [0] and now reads as "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution."

[0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30851
SUSE-SU-2021:3769-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1191937,1192063
CVE References: CVE-2021-30846,CVE-2021-30851,CVE-2021-42762
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src): webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise Server for SAP 15 (src): webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise Server 15-LTSS (src): webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): webkit2gtk3-2.34.1-3.87.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): webkit2gtk3-2.34.1-3.87.1
SUSE Enterprise Storage 6 (src): webkit2gtk3-2.34.1-3.87.1
SUSE CaaS Platform 4.0 (src): webkit2gtk3-2.34.1-3.87.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3861-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1192063
CVE References: CVE-2021-30846,CVE-2021-30851
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): webkit2gtk3-2.34.1-2.77.1
SUSE OpenStack Cloud Crowbar 8 (src): webkit2gtk3-2.34.1-2.77.1
SUSE OpenStack Cloud 9 (src): webkit2gtk3-2.34.1-2.77.1
SUSE OpenStack Cloud 8 (src): webkit2gtk3-2.34.1-2.77.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): webkit2gtk3-2.34.1-2.77.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): webkit2gtk3-2.34.1-2.77.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): webkit2gtk3-2.34.1-2.77.1
SUSE Linux Enterprise Server 12-SP5 (src): webkit2gtk3-2.34.1-2.77.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): webkit2gtk3-2.34.1-2.77.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): webkit2gtk3-2.34.1-2.77.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): webkit2gtk3-2.34.1-2.77.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): webkit2gtk3-2.34.1-2.77.1
HPE Helion Openstack 8 (src): webkit2gtk3-2.34.1-2.77.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3874-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1192063
CVE References: CVE-2021-30846,CVE-2021-30851
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): webkit2gtk3-2.34.1-18.1
SUSE-SU-2021:3874-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1192063
CVE References: CVE-2021-30846,CVE-2021-30851
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): webkit2gtk3-2.34.1-18.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): webkit2gtk3-2.34.1-18.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): webkit2gtk3-2.34.1-18.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): webkit2gtk3-2.34.1-18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1557-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1192063
CVE References: CVE-2021-30846,CVE-2021-30851
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): webkit2gtk3-2.34.1-lp152.2.25.3
Done.