GNOME is the default desktop environment of AlmaLinux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)
LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)
webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)
webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)
webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)
webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)
webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)
webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)
webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)
webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)
webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)
webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)
webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.