===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3161
                 webkit2gtk and wpewebkit security update
                             22 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           webkit2gtk
                   wpewebkit
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30858

Reference:         ESB-2021.3103
                   ESB-2021.3101.2
                   ESB-2021.3099.2

Original Bulletin:
   http://www.debian.org/security/2021/dsa-4975
   http://www.debian.org/security/2021/dsa-4976

Comment: This bulletin contains two (2) Debian security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4975-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
September 20, 2021                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2021-30858

The following vulnerabilities have been discovered in the webkit2gtk web
engine:

CVE-2021-30858

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to arbitrary code execution. Apple is
    aware of a report that this issue may have been actively exploited.

For the oldstable distribution (buster), this problem has been fixed in
version 2.32.4-1~deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 2.32.4-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------------------------------------------------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4976-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
September 20, 2021                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wpewebkit
CVE ID         : CVE-2021-30858

The following vulnerabilities have been discovered in the webkit2gtk web
engine:

CVE-2021-30858

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to arbitrary code execution.
    Apple is aware of a report that this issue may have been actively
    exploited.

For the stable distribution (bullseye), this problem has been fixed in
version 2.32.4-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/wpewebkit

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
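An added example, not part of the AusCERT bulletin or the Debian advisories: a check of collected package versions against the fixed versions stated above, using Debian's version ordering, in which `~` sorts before the end of the string (so `2.32.4-1` is newer than `2.32.4-1~deb11u1`, the opposite of what a plain string comparison reports). The inventory format (host, release, source package, version) and the host names are constructed for illustration.

```python
import re

# Fixed versions stated in DSA-4975-1 and DSA-4976-1 for CVE-2021-30858.
FIXED = {("webkit2gtk", "buster"): "2.32.4-1~deb10u1",
         ("webkit2gtk", "bullseye"): "2.32.4-1~deb11u1",
         ("wpewebkit", "bullseye"): "2.32.4-1~deb11u1"}

def _order(ch):
    # dpkg weights: '~' < digit or end of string < letters < other symbols
    if ch in "0123456789":  # also true for "" (end of string)
        return 0
    return -1 if ch == "~" else ord(ch) + (0 if ch.isalpha() else 256)

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character weights one at a time.
        while _order(a[i:i + 1]) or _order(b[j:j + 1]):
            x, y = _order(a[i:i + 1]), _order(b[j:j + 1])
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically (an empty run counts as 0).
        da, db = (re.match(r"[0-9]*", s).group() for s in (a[i:], b[j:]))
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def compare(a, b):
    """Return -1, 0 or 1 by Debian ordering: epoch, upstream, revision."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Return (host, source, version) rows older than the advisory's fix."""
    rows = (line.split() for line in inventory.strip().splitlines())
    return [(h, s, v) for h, rel, s, v in rows
            if (s, rel) in FIXED and compare(v, FIXED[(s, rel)]) < 0]

# Constructed sample inventory: host, release, source package, installed version.
SAMPLE = """web01 buster webkit2gtk 2.30.6-1~deb10u1
web02 buster webkit2gtk 2.32.4-1~deb10u1
kiosk1 bullseye wpewebkit 2.32.1-1
kiosk2 bullseye webkit2gtk 2.32.4-1"""
```

On a single Debian host, `dpkg --compare-versions` applies the same ordering directly.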