-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3161
                 webkit2gtk and wpewebkit security update
                             22 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           webkit2gtk
                   wpewebkit
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30858  

Reference:         ESB-2021.3103
                   ESB-2021.3101.2
                   ESB-2021.3099.2

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4975
   http://www.debian.org/security/2021/dsa-4976

Comment: This bulletin contains two (2) Debian security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4975-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
September 20, 2021                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2021-30858

The following vulnerabilities have been discovered in the webkit2gtk
web engine:

CVE-2021-30858
    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to arbitrary code execution. Apple is
    aware of a report that this issue may have been actively
    exploited.

For the oldstable distribution (buster), this problem has been fixed
in version 2.32.4-1~deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 2.32.4-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4976-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
September 20, 2021                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : wpewebkit
CVE ID         : CVE-2021-30858

The following vulnerabilities have been discovered in the webkit2gtk
web engine:

CVE-2021-30858
    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to arbitrary code execution. Apple is
    aware of a report that this issue may have been actively
    exploited.

For the stable distribution (bullseye), this problem has been fixed in
version 2.32.4-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpewebkit

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----