Published:
31 May 2021
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1846 webkit2gtk security update 31 May 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: webkit2gtk Publisher: Debian Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-1871 CVE-2021-1844 CVE-2021-1788 Reference: ESB-2021.1582 ESB-2021.1486 Original Bulletin: http://www.debian.org/security/2021/dsa-4923 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4923-1 security@debian.org https://www.debian.org/security/ Alberto Garcia May 30, 2021 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2021-1788 CVE-2021-1844 CVE-2021-1871 The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-1788 Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1844 Clement Lecigne and Alison Huffman discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1871 An anonymous researcher discovered that a remote attacker may be able to cause arbitrary code execution. For the stable distribution (buster), these problems have been fixed in version 2.32.1-1~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCzs9QACgkQEMKTtsN8 TjZvEBAAvWMYeR9qQJIJnM82AkXjMqJpvayKaEKATKvXRql0niJkpGK/lPFvqM/v rSLP1lt2pBpHrB/2uMj44xcOVN2L0ARsTF2YL/cg7Y51pL/ue8zeeCG23tE/8RyX HOyZcXI253dpcweXoTbK5GteIw9mZKIs3gmtKcUGQjDSkYKtVQGNOcPBl0K5khLP VVAv6M85ooZyiqIQEFx3uEOMf0/feoy618VHb9x0lILsyU2Vm9QBLn1sh11538or XHJt5amHNiFb01W/ScvlAJof4PV8Nkh9KFzZIto3L3kkLvBXqXY0gnATfibz7Ksy 8Om+ktQde0R7oQSb8A/8vn/Frs5gsrpsUmOn98S4xoahAJKsO9isKTN8A442AQUM jl/zBrIR1D+G1G8xXfcjvQ4zh1FZbMpVbj18j3QOTPz0kCWN4dg2Fcrn1PT0Sw+k YLnTv7Hn3BVePPIufE0cqLNtR8DDjx5fXrr27r7KAUjWIlZxhYVxfrfdWEuuclFD uUWlXijlv8EtA5ahphBaVaafbHttlsk0pIGqn3V4pkcs8BV04xGxK7xKeEP3vH0F zQX7RLSo93UCj5RZtIClv5Le2y5NEU8+tbkTwL8jEy/KltFhmkMgXsPJHyv74GO8 oD4vFgSxCrYjfRU6Bwli6GbOhYMXNtgbBB4YRqbDKjt2vMjYDac= =mTUC - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYLRB9uNLKJtyKPYoAQgwZg/+NIx3eZq76PGSZWU+dU+2mnko4SeS2kmH ynoovqpCkm+pwiecF/aTE9JK710qcmdMBC+yM4iOXyYaiTHsv7G1CmLUOiXQPjof cpSlNYpaJFZsJ9Lg4OFDLpxDeIaUnq0q9Pn3zgqh1m5DWpdLFYclYc/MDRzbvzaZ JifwJuKT34KnFY/lMOEZMc9pj/EeSMsuyIJMtPo9XvJJvf8ezrB7wKwmvAUKzj6x Iw+bpmUHDQfL4fUAYIw6+AEswiroLRW3/Ju1N2+/S05y4l8FXlnX2qnleMNMsL1J PO8tkFDL+cQyrLpDbDT/McznekTyDzluwZtc/uVtzFgbnwy4XWjmln/oCq2FUaki 6OXmtPYR6/tT5CVasTuFvhFXJcCREh/GfnzEyFGwWMYyYiXCyEt/HqUKNQ+bB+BF u8/dWJNSrvLuxooOh2oPmBVIuna7kWEHo9ZQRSicWwEZn0+Qzs9l9bf6z2ewMPe4 LZ8i+ksa+RMYI0yx16GqDRHV79KZn379/PdIiZmypv05pZ38zElUeM9oEjZBo72A biFG7RZPoep0JK1/Kx+UyNJ0ZDO9nqK+A92Bhk+V71n/4bSxXvcK+oh8tysCiJYE eKVefkEUL2h1vdbu0/4osVBvFQ7jZnAZOFiFj63g621JGXucwOxEB9QrBrlZnywu BD9XbBE2U94= =O8/D -----END PGP SIGNATURE-----