ALSA-2021:4381

Source
https://errata.almalinux.org/8/ALSA-2021-4381.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4381.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2021:4381
Published
2021-11-09T09:15:15Z
Modified
2021-11-12T10:21:01Z
Summary
Moderate: GNOME security, bug fix, and enhancement update
Details

GNOME is the default desktop environment of AlmaLinux.

The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)

Security Fix(es):

  • webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)

  • LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)

  • webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)

  • webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)

  • webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)

  • webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)

  • webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)

  • webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)

  • webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)

  • webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)

  • webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)

  • webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)

  • webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)

  • webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)

  • webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)

  • webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)

  • webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)

  • webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)

  • webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)

  • webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)

  • webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)

  • webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)

  • webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)

  • gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)

  • gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / LibRaw

Package

Name
LibRaw

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.19.5-3.el8

AlmaLinux:8 / LibRaw-devel

Package

Name
LibRaw-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.19.5-3.el8

AlmaLinux:8 / accountsservice

Package

Name
accountsservice

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.55-2.el8

AlmaLinux:8 / accountsservice-devel

Package

Name
accountsservice-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.55-2.el8

AlmaLinux:8 / accountsservice-libs

Package

Name
accountsservice-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.55-2.el8

AlmaLinux:8 / gdm

Package

Name
gdm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:40.0-15.el8

AlmaLinux:8 / gnome-autoar

Package

Name
gnome-autoar

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.2.3-2.el8

AlmaLinux:8 / gnome-calculator

Package

Name
gnome-calculator

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.2-2.el8

AlmaLinux:8 / gnome-classic-session

Package

Name
gnome-classic-session

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-control-center

Package

Name
gnome-control-center

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.2-28.el8

AlmaLinux:8 / gnome-control-center-filesystem

Package

Name
gnome-control-center-filesystem

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.2-28.el8

AlmaLinux:8 / gnome-online-accounts

Package

Name
gnome-online-accounts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.2-3.el8

AlmaLinux:8 / gnome-online-accounts-devel

Package

Name
gnome-online-accounts-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.2-3.el8

AlmaLinux:8 / gnome-session

Package

Name
gnome-session

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.1-13.el8

AlmaLinux:8 / gnome-session-kiosk-session

Package

Name
gnome-session-kiosk-session

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.1-13.el8

AlmaLinux:8 / gnome-session-wayland-session

Package

Name
gnome-session-wayland-session

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.1-13.el8

AlmaLinux:8 / gnome-session-xsession

Package

Name
gnome-session-xsession

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.1-13.el8

AlmaLinux:8 / gnome-settings-daemon

Package

Name
gnome-settings-daemon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.0-16.el8.alma

AlmaLinux:8 / gnome-shell

Package

Name
gnome-shell

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.2-40.el8

AlmaLinux:8 / gnome-shell-extension-apps-menu

Package

Name
gnome-shell-extension-apps-menu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-auto-move-windows

Package

Name
gnome-shell-extension-auto-move-windows

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-common

Package

Name
gnome-shell-extension-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-dash-to-dock

Package

Name
gnome-shell-extension-dash-to-dock

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-desktop-icons

Package

Name
gnome-shell-extension-desktop-icons

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-disable-screenshield

Package

Name
gnome-shell-extension-disable-screenshield

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-drive-menu

Package

Name
gnome-shell-extension-drive-menu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-gesture-inhibitor

Package

Name
gnome-shell-extension-gesture-inhibitor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-horizontal-workspaces

Package

Name
gnome-shell-extension-horizontal-workspaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-launch-new-instance

Package

Name
gnome-shell-extension-launch-new-instance

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-native-window-placement

Package

Name
gnome-shell-extension-native-window-placement

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-no-hot-corner

Package

Name
gnome-shell-extension-no-hot-corner

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-panel-favorites

Package

Name
gnome-shell-extension-panel-favorites

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-places-menu

Package

Name
gnome-shell-extension-places-menu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-screenshot-window-sizer

Package

Name
gnome-shell-extension-screenshot-window-sizer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-systemMonitor

Package

Name
gnome-shell-extension-systemMonitor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-top-icons

Package

Name
gnome-shell-extension-top-icons

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-updates-dialog

Package

Name
gnome-shell-extension-updates-dialog

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-user-theme

Package

Name
gnome-shell-extension-user-theme

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-window-grouper

Package

Name
gnome-shell-extension-window-grouper

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-window-list

Package

Name
gnome-shell-extension-window-list

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-windowsNavigator

Package

Name
gnome-shell-extension-windowsNavigator

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-shell-extension-workspace-indicator

Package

Name
gnome-shell-extension-workspace-indicator

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.1-20.el8

AlmaLinux:8 / gnome-software

Package

Name
gnome-software

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.36.1-10.el8

AlmaLinux:8 / gnome-software-devel

Package

Name
gnome-software-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.36.1-10.el8

AlmaLinux:8 / gsettings-desktop-schemas

Package

Name
gsettings-desktop-schemas

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.0-6.el8

AlmaLinux:8 / gsettings-desktop-schemas-devel

Package

Name
gsettings-desktop-schemas-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.0-6.el8

AlmaLinux:8 / gtk-update-icon-cache

Package

Name
gtk-update-icon-cache

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.22.30-8.el8

AlmaLinux:8 / gtk3

Package

Name
gtk3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.22.30-8.el8

AlmaLinux:8 / gtk3-devel

Package

Name
gtk3-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.22.30-8.el8

AlmaLinux:8 / gtk3-immodule-xim

Package

Name
gtk3-immodule-xim

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.22.30-8.el8

AlmaLinux:8 / mutter

Package

Name
mutter

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.2-60.el8

AlmaLinux:8 / mutter-devel

Package

Name
mutter-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.32.2-60.el8

AlmaLinux:8 / vino

Package

Name
vino

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.22.0-11.el8

AlmaLinux:8 / webkit2gtk3

Package

Name
webkit2gtk3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.32.3-2.el8

AlmaLinux:8 / webkit2gtk3-devel

Package

Name
webkit2gtk3-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.32.3-2.el8

AlmaLinux:8 / webkit2gtk3-jsc

Package

Name
webkit2gtk3-jsc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.32.3-2.el8

AlmaLinux:8 / webkit2gtk3-jsc-devel

Package

Name
webkit2gtk3-jsc-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.32.3-2.el8