drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in webkit2gtk
Name: |
Mehrere Probleme in webkit2gtk |
|
ID: |
DSA-4877-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian buster |
|
Datum: |
Sa, 27. März 2021, 13:07 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789 |
|
Applikationen: |
WebKitGTK |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4877-1 security@debian.org https://www.debian.org/security/ Alberto Garcia March 27, 2021 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : webkit2gtk CVE ID : CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870
The following vulnerabilities have been discovered in the webkit2gtk web engine:
CVE-2020-27918
Liu Long discovered that processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-29623
Simon Hunt discovered that users may be unable to fully delete their browsing history under some circumstances.
CVE-2021-1765
Eliya Stein discovered that maliciously crafted web content may violate iframe sandboxing policy.
CVE-2021-1789
@S0rryMybad discovered that processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-1799
Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a malicious website may be able to access restricted ports on arbitrary servers.
CVE-2021-1801
Eliya Stein discovered that processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-1870
An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution.
For the stable distribution (buster), these problems have been fixed in version 2.30.6-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmBe0l1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S5hQ/8C2v1zUfBwSGNyQkeH/8SJ4P39FOtLS7uKAsBu24uFgQn0NJ2tITsGU+d MvPT813PYFND7RRjwch+KVhxfj1py0JzxeizGNJf8B5qocfCLJn/cGzrxIqurxVC eiwum9x49P9+kCBfiBBz3hTGiaVJa9HdgonauOhlxgVITYDqgE5Z5jTpKaM3lKQv qa9CIrP0zaGdOVwY9PUMRNCxJ1i90cKNePLaIE/a1R4p7pwa5sR069uu94PGahQx KDd8w0/3dFeQoQTALhvrkxdKCDgi4GWzCnB1KD2k4lZncPOrx0yGRx8H0lXO+MgN 6+0zg5EaG1bdk4aYoyYKTPIYPRVbJBpg9pisgJ+IL452P1F7zmaUq2vtSZMl7JIN xwzxuMKAR7letp+Ji7HRb34rex7ni0bIMndDs1sBjesUK1C9c2gRUtj2uhRStS9a 0sqmVjCqGxaXzsKL+5AqJY8VYbPCXvxhoNGHzGA6SdFv/bj8l6FOpsrFguNhpFJ4 6QdvgvFuRo2fYXsfRhosyLH4XXfyf4XZiDC4zX6Z1/Ata4mPJCgbS/aoewEIarm5 Nw426CdjAtefXdeRbRd/VRmZPNriolXlYI11VxhM9xpmw0Ag75jq+meNF3+wi9G0 6m8OoG+6FhUc4UcLv/OiSFHZgy3eTP6wIqa/6FG1gh7wta2+sXM= =IQ2D -----END PGP SIGNATURE-----
|
|
|
|