Bug 1194019 - (CVE-2021-30890) VUL-0: CVE-2021-30890: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0007
(CVE-2021-30890)
VUL-0: CVE-2021-30890: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisor...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/308223/
CVSSv3.1:SUSE:CVE-2021-30809:8.8:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-12-22 16:16 UTC by Gabriele Sonnu
Modified: 2022-03-23 13:22 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gabriele Sonnu 2021-12-22 16:16:56 UTC
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2021-30809
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A use after free issue was
    addressed with improved memory management.

CVE-2021-30818
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Amar Menezes (@amarekano) of Zon8Research.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A type confusion issue was
    addressed with improved state handling.

CVE-2021-30823
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to David Gullasch of Recurity Labs.
    Impact: An attacker in a privileged network position may be able to
    bypass HSTS. Description: A logic issue was addressed with improved
    restrictions.

CVE-2021-30836
    Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
    Credit to Peter Nguyen Vu Hoang of STAR Labs.
    Impact: Processing a maliciously crafted audio file may disclose
    restricted memory. Description: An out-of-bounds read was addressed
    with improved input validation.

CVE-2021-30884
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to an anonymous researcher.
    Impact: Visiting a maliciously crafted website may reveal a user's
    browsing history. Description: The issue was resolved with
    additional restrictions on CSS compositing.

CVE-2021-30887
    Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
    Credit to Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd.
    Impact: Processing maliciously crafted web content may lead to
    unexpectedly unenforced Content Security Policy. Description: A
    logic issue was addressed with improved restrictions.

CVE-2021-30888
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Prakash (@1lastBr3ath).
    Impact: A malicious website using Content Security Policy reports
    may be able to leak information via redirect behavior. Description:
    An information leakage issue was addressed.

CVE-2021-30889
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher
    lab.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution, Description: A buffer overflow issue was
    addressed with improved memory handling.

CVE-2021-30890
    Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting. Description: A logic issue was
    addressed with improved state management.

CVE-2021-30897
    Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
    Credit to an anonymous researcher.
    Impact: A malicious website may exfiltrate data cross-origin.
    Description: An issue existed in the specification for the resource
    timing API. The specification was updated and the updated
    specification was implemented.


We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.

References:
https://webkitgtk.org/security/WSA-2021-0007.html
https://www.openwall.com/lists/oss-security/2021/12/20/6

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2034368
https://bugzilla.redhat.com/show_bug.cgi?id=2034386
https://bugzilla.redhat.com/show_bug.cgi?id=2034378
https://bugzilla.redhat.com/show_bug.cgi?id=2034347
https://bugzilla.redhat.com/show_bug.cgi?id=2034373
https://bugzilla.redhat.com/show_bug.cgi?id=2034383
https://bugzilla.redhat.com/show_bug.cgi?id=2034389
https://bugzilla.redhat.com/show_bug.cgi?id=2034376
https://bugzilla.redhat.com/show_bug.cgi?id=2034381
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30897
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30884
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30809
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30823
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30836
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30889
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30888
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30890
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30818
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30887
http://seclists.org/oss-sec/2021/q4/174
http://www.openwall.com/lists/oss-security/2021/12/20/6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30809
https://support.apple.com/en-us/HT212816
https://support.apple.com/kb/HT212953
https://support.apple.com/en-us/HT212876
https://support.apple.com/kb/HT212869
https://support.apple.com/en-us/HT212814
https://support.apple.com/en-us/HT212819
https://support.apple.com/en-us/HT212868
https://support.apple.com/en-us/HT212867
https://support.apple.com/en-us/HT212874
https://support.apple.com/en-us/HT212869
https://support.apple.com/en-us/HT212807
https://support.apple.com/kb/HT212816
https://support.apple.com/en-us/HT212815
Comment 1 Gabriele Sonnu 2021-12-22 16:19:22 UTC
Affected packages:

 - SUSE:SLE-12-SP2:Update/webkit2gtk3  2.34.1
 - SUSE:SLE-15-SP2:Update/webkit2gtk3  2.34.1
 - SUSE:SLE-15:Update/webkit2gtk3      2.34.1
 - openSUSE:Factory/webkit2gtk3        2.34.2

Please update them to 2.34.3
Comment 8 Swamp Workflow Management 2022-01-20 17:31:19 UTC
SUSE-SU-2022:0142-1: An update that fixes 72 vulnerabilities is now available.

Category: security (important)
Bug References: 1194019
CVE References: CVE-2018-8518,CVE-2018-8523,CVE-2019-8551,CVE-2019-8558,CVE-2019-8559,CVE-2019-8563,CVE-2019-8674,CVE-2019-8681,CVE-2019-8684,CVE-2019-8687,CVE-2019-8688,CVE-2019-8689,CVE-2019-8690,CVE-2019-8707,CVE-2019-8719,CVE-2019-8726,CVE-2019-8733,CVE-2019-8763,CVE-2019-8765,CVE-2019-8766,CVE-2019-8768,CVE-2019-8782,CVE-2019-8808,CVE-2019-8815,CVE-2019-8821,CVE-2019-8822,CVE-2020-10018,CVE-2020-13753,CVE-2020-27918,CVE-2020-29623,CVE-2020-3885,CVE-2020-3894,CVE-2020-3895,CVE-2020-3897,CVE-2020-3900,CVE-2020-3901,CVE-2020-3902,CVE-2020-9802,CVE-2020-9803,CVE-2020-9805,CVE-2020-9947,CVE-2020-9948,CVE-2020-9951,CVE-2020-9952,CVE-2021-1765,CVE-2021-1788,CVE-2021-1817,CVE-2021-1820,CVE-2021-1825,CVE-2021-1826,CVE-2021-1844,CVE-2021-1871,CVE-2021-30661,CVE-2021-30666,CVE-2021-30682,CVE-2021-30761,CVE-2021-30762,CVE-2021-30809,CVE-2021-30818,CVE-2021-30823,CVE-2021-30836,CVE-2021-30846,CVE-2021-30848,CVE-2021-30849,CVE-2021-30851,CVE-2021-30858,CVE-2021-30884,CVE-2021-30887,CVE-2021-30888,CVE-2021-30889,CVE-2021-30890,CVE-2021-30897
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    webkit2gtk3-2.34.3-2.82.1
SUSE OpenStack Cloud Crowbar 8 (src):    webkit2gtk3-2.34.3-2.82.1
SUSE OpenStack Cloud 9 (src):    webkit2gtk3-2.34.3-2.82.1
SUSE OpenStack Cloud 8 (src):    webkit2gtk3-2.34.3-2.82.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    webkit2gtk3-2.34.3-2.82.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    webkit2gtk3-2.34.3-2.82.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    webkit2gtk3-2.34.3-2.82.1
SUSE Linux Enterprise Server 12-SP5 (src):    webkit2gtk3-2.34.3-2.82.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    webkit2gtk3-2.34.3-2.82.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    webkit2gtk3-2.34.3-2.82.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    webkit2gtk3-2.34.3-2.82.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    webkit2gtk3-2.34.3-2.82.1
HPE Helion Openstack 8 (src):    webkit2gtk3-2.34.3-2.82.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-01-25 20:23:00 UTC
SUSE-SU-2022:0182-1: An update that fixes 43 vulnerabilities is now available.

Category: security (important)
Bug References: 1194019
CVE References: CVE-2019-8766,CVE-2019-8782,CVE-2019-8808,CVE-2019-8815,CVE-2020-13753,CVE-2020-27918,CVE-2020-29623,CVE-2020-3902,CVE-2020-9802,CVE-2020-9803,CVE-2020-9805,CVE-2020-9947,CVE-2020-9948,CVE-2020-9951,CVE-2020-9952,CVE-2021-1765,CVE-2021-1788,CVE-2021-1817,CVE-2021-1820,CVE-2021-1825,CVE-2021-1826,CVE-2021-1844,CVE-2021-1871,CVE-2021-30661,CVE-2021-30666,CVE-2021-30682,CVE-2021-30761,CVE-2021-30762,CVE-2021-30809,CVE-2021-30818,CVE-2021-30823,CVE-2021-30836,CVE-2021-30846,CVE-2021-30848,CVE-2021-30849,CVE-2021-30851,CVE-2021-30858,CVE-2021-30884,CVE-2021-30887,CVE-2021-30888,CVE-2021-30889,CVE-2021-30890,CVE-2021-30897
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    webkit2gtk3-2.34.3-23.3
SUSE Manager Retail Branch Server 4.1 (src):    webkit2gtk3-2.34.3-23.3
SUSE Manager Proxy 4.1 (src):    webkit2gtk3-2.34.3-23.3
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    webkit2gtk3-2.34.3-23.3
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    webkit2gtk3-2.34.3-23.3
SUSE Linux Enterprise Server 15-SP2-BCL (src):    webkit2gtk3-2.34.3-23.3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    webkit2gtk3-2.34.3-23.3
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    webkit2gtk3-2.34.3-23.3
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    webkit2gtk3-2.34.3-23.3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    webkit2gtk3-2.34.3-23.3
SUSE Enterprise Storage 7 (src):    webkit2gtk3-2.34.3-23.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-01-25 20:26:36 UTC
SUSE-SU-2022:0183-1: An update that fixes 53 vulnerabilities is now available.

Category: security (important)
Bug References: 1194019
CVE References: CVE-2018-8518,CVE-2018-8523,CVE-2019-8766,CVE-2019-8768,CVE-2019-8782,CVE-2019-8808,CVE-2019-8815,CVE-2020-10018,CVE-2020-13753,CVE-2020-27918,CVE-2020-29623,CVE-2020-3885,CVE-2020-3894,CVE-2020-3895,CVE-2020-3897,CVE-2020-3900,CVE-2020-3901,CVE-2020-3902,CVE-2020-9802,CVE-2020-9803,CVE-2020-9805,CVE-2020-9947,CVE-2020-9948,CVE-2020-9951,CVE-2020-9952,CVE-2021-1765,CVE-2021-1788,CVE-2021-1817,CVE-2021-1820,CVE-2021-1825,CVE-2021-1826,CVE-2021-1844,CVE-2021-1871,CVE-2021-30661,CVE-2021-30666,CVE-2021-30682,CVE-2021-30761,CVE-2021-30762,CVE-2021-30809,CVE-2021-30818,CVE-2021-30823,CVE-2021-30836,CVE-2021-30846,CVE-2021-30848,CVE-2021-30849,CVE-2021-30851,CVE-2021-30858,CVE-2021-30884,CVE-2021-30887,CVE-2021-30888,CVE-2021-30889,CVE-2021-30890,CVE-2021-30897
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    webkit2gtk3-2.34.3-3.92.1
SUSE Linux Enterprise Server for SAP 15 (src):    webkit2gtk3-2.34.3-3.92.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    webkit2gtk3-2.34.3-3.92.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    webkit2gtk3-2.34.3-3.92.1
SUSE Linux Enterprise Server 15-LTSS (src):    webkit2gtk3-2.34.3-3.92.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    webkit2gtk3-2.34.3-3.92.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    webkit2gtk3-2.34.3-3.92.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    webkit2gtk3-2.34.3-3.92.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    webkit2gtk3-2.34.3-3.92.1
SUSE Enterprise Storage 6 (src):    webkit2gtk3-2.34.3-3.92.1
SUSE CaaS Platform 4.0 (src):    webkit2gtk3-2.34.3-3.92.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-01-25 20:35:44 UTC
openSUSE-SU-2022:0182-1: An update that fixes 43 vulnerabilities is now available.

Category: security (important)
Bug References: 1194019
CVE References: CVE-2019-8766,CVE-2019-8782,CVE-2019-8808,CVE-2019-8815,CVE-2020-13753,CVE-2020-27918,CVE-2020-29623,CVE-2020-3902,CVE-2020-9802,CVE-2020-9803,CVE-2020-9805,CVE-2020-9947,CVE-2020-9948,CVE-2020-9951,CVE-2020-9952,CVE-2021-1765,CVE-2021-1788,CVE-2021-1817,CVE-2021-1820,CVE-2021-1825,CVE-2021-1826,CVE-2021-1844,CVE-2021-1871,CVE-2021-30661,CVE-2021-30666,CVE-2021-30682,CVE-2021-30761,CVE-2021-30762,CVE-2021-30809,CVE-2021-30818,CVE-2021-30823,CVE-2021-30836,CVE-2021-30846,CVE-2021-30848,CVE-2021-30849,CVE-2021-30851,CVE-2021-30858,CVE-2021-30884,CVE-2021-30887,CVE-2021-30888,CVE-2021-30889,CVE-2021-30890,CVE-2021-30897
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    webkit2gtk3-2.34.3-23.3
Comment 12 Swamp Workflow Management 2022-02-17 11:19:22 UTC
SUSE-SU-2022:0182-2: An update that fixes 43 vulnerabilities is now available.

Category: security (important)
Bug References: 1194019
CVE References: CVE-2019-8766,CVE-2019-8782,CVE-2019-8808,CVE-2019-8815,CVE-2020-13753,CVE-2020-27918,CVE-2020-29623,CVE-2020-3902,CVE-2020-9802,CVE-2020-9803,CVE-2020-9805,CVE-2020-9947,CVE-2020-9948,CVE-2020-9951,CVE-2020-9952,CVE-2021-1765,CVE-2021-1788,CVE-2021-1817,CVE-2021-1820,CVE-2021-1825,CVE-2021-1826,CVE-2021-1844,CVE-2021-1871,CVE-2021-30661,CVE-2021-30666,CVE-2021-30682,CVE-2021-30761,CVE-2021-30762,CVE-2021-30809,CVE-2021-30818,CVE-2021-30823,CVE-2021-30836,CVE-2021-30846,CVE-2021-30848,CVE-2021-30849,CVE-2021-30851,CVE-2021-30858,CVE-2021-30884,CVE-2021-30887,CVE-2021-30888,CVE-2021-30889,CVE-2021-30890,CVE-2021-30897
JIRA References: 
Sources used:
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    webkit2gtk3-2.34.3-23.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-02-17 11:28:17 UTC
openSUSE-SU-2022:0182-2: An update that fixes 43 vulnerabilities is now available.

Category: security (important)
Bug References: 1194019
CVE References: CVE-2019-8766,CVE-2019-8782,CVE-2019-8808,CVE-2019-8815,CVE-2020-13753,CVE-2020-27918,CVE-2020-29623,CVE-2020-3902,CVE-2020-9802,CVE-2020-9803,CVE-2020-9805,CVE-2020-9947,CVE-2020-9948,CVE-2020-9951,CVE-2020-9952,CVE-2021-1765,CVE-2021-1788,CVE-2021-1817,CVE-2021-1820,CVE-2021-1825,CVE-2021-1826,CVE-2021-1844,CVE-2021-1871,CVE-2021-30661,CVE-2021-30666,CVE-2021-30682,CVE-2021-30761,CVE-2021-30762,CVE-2021-30809,CVE-2021-30818,CVE-2021-30823,CVE-2021-30836,CVE-2021-30846,CVE-2021-30848,CVE-2021-30849,CVE-2021-30851,CVE-2021-30858,CVE-2021-30884,CVE-2021-30887,CVE-2021-30888,CVE-2021-30889,CVE-2021-30890,CVE-2021-30897
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    webkit2gtk3-2.34.3-23.3
Comment 14 Marcus Meissner 2022-03-23 13:22:57 UTC
DONE