Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-4877-1 webkit2gtk -- security update

Related Vulnerabilities: CVE-2020-27918   CVE-2020-29623   CVE-2021-1765   CVE-2021-1789   CVE-2021-1799   CVE-2021-1801   CVE-2021-1870  

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-27918 Liu Long discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-29623 Simon Hunt discovered that users may be unable to fully delete their browsing history under some circumstances. CVE-2021-1765 Eliya Stein discovered that maliciously crafted web content may violate iframe sandboxing policy. CVE-2021-1789 @S0rryMybad discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1799 Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a malicious website may be able to access restricted ports on arbitrary servers. CVE-2021-1801 Eliya Stein discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1870 An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. For the stable distribution (buster), these problems have been fixed in version 2.30.6-1~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

Source

Debian Security Advisory

DSA-4877-1 webkit2gtk -- security update

Date Reported:
27 Mar 2021
Affected Packages:
webkit2gtk
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.
More information:

The following vulnerabilities have been discovered in the webkit2gtk web engine:

  • CVE-2020-27918

    Liu Long discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-29623

    Simon Hunt discovered that users may be unable to fully delete their browsing history under some circumstances.

  • CVE-2021-1765

    Eliya Stein discovered that maliciously crafted web content may violate iframe sandboxing policy.

  • CVE-2021-1789

    @S0rryMybad discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-1799

    Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a malicious website may be able to access restricted ports on arbitrary servers.

  • CVE-2021-1801

    Eliya Stein discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-1870

    An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution.

For the stable distribution (buster), these problems have been fixed in version 2.30.6-1~deb10u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started