RLSA-2021:4381
See a problem?- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2021:4381
- Related
- Published
- 2021-11-09T09:15:15Z
- Modified
- 2023-02-02T12:52:00.453832Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Moderate: GNOME security, bug fix, and enhancement update
- Details
-
GNOME is the default desktop environment of Rocky Linux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)
LibRaw: Stack buffer overflow in LibRaw::identifyprocessdng_fields() in identify.cpp (CVE-2020-24870)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)
webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)
webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)
webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)
webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)
webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)
webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)
webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)
webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)
webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)
webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)
webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2021:4381
- https://bugzilla.redhat.com/show_bug.cgi?id=1651378
- https://bugzilla.redhat.com/show_bug.cgi?id=1770302
- https://bugzilla.redhat.com/show_bug.cgi?id=1791478
- https://bugzilla.redhat.com/show_bug.cgi?id=1813727
- https://bugzilla.redhat.com/show_bug.cgi?id=1854679
- https://bugzilla.redhat.com/show_bug.cgi?id=1873297
- https://bugzilla.redhat.com/show_bug.cgi?id=1873488
- https://bugzilla.redhat.com/show_bug.cgi?id=1888404
- https://bugzilla.redhat.com/show_bug.cgi?id=1894613
- https://bugzilla.redhat.com/show_bug.cgi?id=1897932
- https://bugzilla.redhat.com/show_bug.cgi?id=1904139
- https://bugzilla.redhat.com/show_bug.cgi?id=1905000
- https://bugzilla.redhat.com/show_bug.cgi?id=1909300
- https://bugzilla.redhat.com/show_bug.cgi?id=1914925
- https://bugzilla.redhat.com/show_bug.cgi?id=1924725
- https://bugzilla.redhat.com/show_bug.cgi?id=1925640
- https://bugzilla.redhat.com/show_bug.cgi?id=1928794
- https://bugzilla.redhat.com/show_bug.cgi?id=1928886
- https://bugzilla.redhat.com/show_bug.cgi?id=1935261
- https://bugzilla.redhat.com/show_bug.cgi?id=1937416
- https://bugzilla.redhat.com/show_bug.cgi?id=1937866
- https://bugzilla.redhat.com/show_bug.cgi?id=1938937
- https://bugzilla.redhat.com/show_bug.cgi?id=1940026
- https://bugzilla.redhat.com/show_bug.cgi?id=1944323
- https://bugzilla.redhat.com/show_bug.cgi?id=1944329
- https://bugzilla.redhat.com/show_bug.cgi?id=1944333
- https://bugzilla.redhat.com/show_bug.cgi?id=1944337
- https://bugzilla.redhat.com/show_bug.cgi?id=1944340
- https://bugzilla.redhat.com/show_bug.cgi?id=1944343
- https://bugzilla.redhat.com/show_bug.cgi?id=1944350
- https://bugzilla.redhat.com/show_bug.cgi?id=1944859
- https://bugzilla.redhat.com/show_bug.cgi?id=1944862
- https://bugzilla.redhat.com/show_bug.cgi?id=1944867
- https://bugzilla.redhat.com/show_bug.cgi?id=1949176
- https://bugzilla.redhat.com/show_bug.cgi?id=1951086
- https://bugzilla.redhat.com/show_bug.cgi?id=1952136
- https://bugzilla.redhat.com/show_bug.cgi?id=1955754
- https://bugzilla.redhat.com/show_bug.cgi?id=1957705
- https://bugzilla.redhat.com/show_bug.cgi?id=1960705
- https://bugzilla.redhat.com/show_bug.cgi?id=1962049
- https://bugzilla.redhat.com/show_bug.cgi?id=1971507
- https://bugzilla.redhat.com/show_bug.cgi?id=1971534
- https://bugzilla.redhat.com/show_bug.cgi?id=1972545
- https://bugzilla.redhat.com/show_bug.cgi?id=1978287
- https://bugzilla.redhat.com/show_bug.cgi?id=1978505
- https://bugzilla.redhat.com/show_bug.cgi?id=1978612
- https://bugzilla.redhat.com/show_bug.cgi?id=1980441
- https://bugzilla.redhat.com/show_bug.cgi?id=1980661
- https://bugzilla.redhat.com/show_bug.cgi?id=1981420
- https://bugzilla.redhat.com/show_bug.cgi?id=1986863
- https://bugzilla.redhat.com/show_bug.cgi?id=1986866
- https://bugzilla.redhat.com/show_bug.cgi?id=1986872
- https://bugzilla.redhat.com/show_bug.cgi?id=1986874
- https://bugzilla.redhat.com/show_bug.cgi?id=1986879
- https://bugzilla.redhat.com/show_bug.cgi?id=1986881
- https://bugzilla.redhat.com/show_bug.cgi?id=1986883
- https://bugzilla.redhat.com/show_bug.cgi?id=1986886
- https://bugzilla.redhat.com/show_bug.cgi?id=1986888
- https://bugzilla.redhat.com/show_bug.cgi?id=1986890
- https://bugzilla.redhat.com/show_bug.cgi?id=1986892
- https://bugzilla.redhat.com/show_bug.cgi?id=1986900
- https://bugzilla.redhat.com/show_bug.cgi?id=1986902
- https://bugzilla.redhat.com/show_bug.cgi?id=1986906
- https://bugzilla.redhat.com/show_bug.cgi?id=1987233
- https://bugzilla.redhat.com/show_bug.cgi?id=1989035
- https://bugzilla.redhat.com/show_bug.cgi?id=1998989
- https://bugzilla.redhat.com/show_bug.cgi?id=1999120
- https://bugzilla.redhat.com/show_bug.cgi?id=2004170
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / accountsservice
Package
- Name
- accountsservice
- Purl
- pkg:rpm/rocky-linux/accountsservice?distro=rocky-linux-8-5-legacy&epoch=0
Rocky Linux:8 / gdm
Package
- Name
- gdm
- Purl
- pkg:rpm/rocky-linux/gdm?distro=rocky-linux-8-5-legacy&epoch=1
Rocky Linux:8 / gnome-autoar
Package
- Name
- gnome-autoar
- Purl
- pkg:rpm/rocky-linux/gnome-autoar?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / gnome-calculator
Package
- Name
- gnome-calculator
- Purl
- pkg:rpm/rocky-linux/gnome-calculator?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / gnome-control-center
Package
- Name
- gnome-control-center
- Purl
- pkg:rpm/rocky-linux/gnome-control-center?distro=rocky-linux-8-5-legacy&epoch=0
Rocky Linux:8 / gnome-online-accounts
Package
- Name
- gnome-online-accounts
- Purl
- pkg:rpm/rocky-linux/gnome-online-accounts?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / gnome-session
Package
- Name
- gnome-session
- Purl
- pkg:rpm/rocky-linux/gnome-session?distro=rocky-linux-8-5-legacy&epoch=0
Rocky Linux:8 / gnome-settings-daemon
Package
- Name
- gnome-settings-daemon
- Purl
- pkg:rpm/rocky-linux/gnome-settings-daemon?distro=rocky-linux-8-5-legacy&epoch=0
Rocky Linux:8 / gnome-settings-daemon
Package
- Name
- gnome-settings-daemon
- Purl
- pkg:rpm/rocky-linux/gnome-settings-daemon?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / gnome-shell
Package
- Name
- gnome-shell
- Purl
- pkg:rpm/rocky-linux/gnome-shell?distro=rocky-linux-8-5-legacy&epoch=0
Rocky Linux:8 / gnome-shell-extensions
Package
- Name
- gnome-shell-extensions
- Purl
- pkg:rpm/rocky-linux/gnome-shell-extensions?distro=rocky-linux-8-5-legacy&epoch=0
Rocky Linux:8 / gnome-software
Package
- Name
- gnome-software
- Purl
- pkg:rpm/rocky-linux/gnome-software?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / gsettings-desktop-schemas
Package
- Name
- gsettings-desktop-schemas
- Purl
- pkg:rpm/rocky-linux/gsettings-desktop-schemas?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / gtk3
Package
- Name
- gtk3
- Purl
- pkg:rpm/rocky-linux/gtk3?distro=rocky-linux-8-5-legacy&epoch=0
Rocky Linux:8 / LibRaw
Package
- Name
- LibRaw
- Purl
- pkg:rpm/rocky-linux/LibRaw?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / mutter
Package
- Name
- mutter
- Purl
- pkg:rpm/rocky-linux/mutter?distro=rocky-linux-8-5-legacy&epoch=0
Rocky Linux:8 / vino
Package
- Name
- vino
- Purl
- pkg:rpm/rocky-linux/vino?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/rocky-linux/webkit2gtk3?distro=rocky-linux-8-5-legacy&epoch=0