Published:
31 May 2021
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1846
webkit2gtk security update
31 May 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: webkit2gtk
Publisher: Debian
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Cross-site Scripting -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1871 CVE-2021-1844 CVE-2021-1788
Reference: ESB-2021.1582
ESB-2021.1486
Original Bulletin:
http://www.debian.org/security/2021/dsa-4923
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4923-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
May 30, 2021 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2021-1788 CVE-2021-1844 CVE-2021-1871
The following vulnerabilities have been discovered in the webkit2gtk
web engine:
CVE-2021-1788
Francisco Alonso discovered that processing maliciously crafted
web content may lead to arbitrary code execution.
CVE-2021-1844
Clement Lecigne and Alison Huffman discovered that processing
maliciously crafted web content may lead to arbitrary code
execution.
CVE-2021-1871
An anonymous researcher discovered that a remote attacker may be
able to cause arbitrary code execution.
For the stable distribution (buster), these problems have been fixed in
version 2.32.1-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCzs9QACgkQEMKTtsN8
TjZvEBAAvWMYeR9qQJIJnM82AkXjMqJpvayKaEKATKvXRql0niJkpGK/lPFvqM/v
rSLP1lt2pBpHrB/2uMj44xcOVN2L0ARsTF2YL/cg7Y51pL/ue8zeeCG23tE/8RyX
HOyZcXI253dpcweXoTbK5GteIw9mZKIs3gmtKcUGQjDSkYKtVQGNOcPBl0K5khLP
VVAv6M85ooZyiqIQEFx3uEOMf0/feoy618VHb9x0lILsyU2Vm9QBLn1sh11538or
XHJt5amHNiFb01W/ScvlAJof4PV8Nkh9KFzZIto3L3kkLvBXqXY0gnATfibz7Ksy
8Om+ktQde0R7oQSb8A/8vn/Frs5gsrpsUmOn98S4xoahAJKsO9isKTN8A442AQUM
jl/zBrIR1D+G1G8xXfcjvQ4zh1FZbMpVbj18j3QOTPz0kCWN4dg2Fcrn1PT0Sw+k
YLnTv7Hn3BVePPIufE0cqLNtR8DDjx5fXrr27r7KAUjWIlZxhYVxfrfdWEuuclFD
uUWlXijlv8EtA5ahphBaVaafbHttlsk0pIGqn3V4pkcs8BV04xGxK7xKeEP3vH0F
zQX7RLSo93UCj5RZtIClv5Le2y5NEU8+tbkTwL8jEy/KltFhmkMgXsPJHyv74GO8
oD4vFgSxCrYjfRU6Bwli6GbOhYMXNtgbBB4YRqbDKjt2vMjYDac=
=mTUC
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYLRB9uNLKJtyKPYoAQgwZg/+NIx3eZq76PGSZWU+dU+2mnko4SeS2kmH
ynoovqpCkm+pwiecF/aTE9JK710qcmdMBC+yM4iOXyYaiTHsv7G1CmLUOiXQPjof
cpSlNYpaJFZsJ9Lg4OFDLpxDeIaUnq0q9Pn3zgqh1m5DWpdLFYclYc/MDRzbvzaZ
JifwJuKT34KnFY/lMOEZMc9pj/EeSMsuyIJMtPo9XvJJvf8ezrB7wKwmvAUKzj6x
Iw+bpmUHDQfL4fUAYIw6+AEswiroLRW3/Ju1N2+/S05y4l8FXlnX2qnleMNMsL1J
PO8tkFDL+cQyrLpDbDT/McznekTyDzluwZtc/uVtzFgbnwy4XWjmln/oCq2FUaki
6OXmtPYR6/tT5CVasTuFvhFXJcCREh/GfnzEyFGwWMYyYiXCyEt/HqUKNQ+bB+BF
u8/dWJNSrvLuxooOh2oPmBVIuna7kWEHo9ZQRSicWwEZn0+Qzs9l9bf6z2ewMPe4
LZ8i+ksa+RMYI0yx16GqDRHV79KZn379/PdIiZmypv05pZ38zElUeM9oEjZBo72A
biFG7RZPoep0JK1/Kx+UyNJ0ZDO9nqK+A92Bhk+V71n/4bSxXvcK+oh8tysCiJYE
eKVefkEUL2h1vdbu0/4osVBvFQ7jZnAZOFiFj63g621JGXucwOxEB9QrBrlZnywu
BD9XbBE2U94=
=O8/D
-----END PGP SIGNATURE-----