Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4976-1] wpewebkit security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4976-1] wpewebkit security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Alberto Garcia <berto AT igalia.com>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4976-1] wpewebkit security update
  • Date: Tue, 21 Sep 2021 10:17:04 +0000
  • Authentication-results: mail02.piratenpartei.de; dkim=none; spf=none (mail02.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/20210921101704.GA7293 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <berto AT igalia.com>
  • Priority: urgent
  • Resent-date: Tue, 21 Sep 2021 10:17:19 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <EuE7v1NqI-B.A.Q3G.vEbShB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4976-1 security AT debian.org
https://www.debian.org/security/ Alberto Garcia
September 20, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wpewebkit
CVE ID : CVE-2021-30858

The following vulnerabilities have been discovered in the webkit2gtk
web engine:

CVE-2021-30858
An anonymous researcher discovered that processing maliciously
crafted web content may lead to arbitrary code execution. Apple is
aware of a report that this issue may have been actively
exploited.

For the stable distribution (bullseye), this problem has been fixed in
version 2.32.4-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpewebkit

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmFJsE8ACgkQAAyEYu0C
2AKV0g//RZZv0o8nec9Qa8kbs6DToqRpxq1+ml5ULyPzBHr0GvFGMv0CgGnySv5E
tzZV3GIxVV913yL0CiAxG1wP2yEpAcnCjcFPbaug5TIdDwDH3ysz2RBy+3vWnFAF
4Y/l60p2VAAwcD7wezGL2mh0AgscD6PAumST1oFr3eS+1JKzkf9qszukZsTbUaTx
+iYLepFyAsPz+TXWtzIm25sP9qXdOhBI/Wpj7mpPB2mzvRyFYB0al8p6JMJdTS4M
zN5tgZdpcUnpB4kp4j2bHxmcYOV18qrBLXG6OGIkse/WZwqQus5/Kui4AlDYfd/M
iq3RK6CTJp5jcMQHwWl/YSnMR7Id1cVBB1kWqlZ9eI4uEIYtxcwSp6bwmj6A7cEk
Ac3GQUKgf58kDuOiUC8G/gVENHMxDg5WM6VqadzyTlLAvIxdbkGizpbzF+3vICmS
7nBQQbOLzJonwyWVHtmSw2Gj6GbxGpkkTcVRBD5OxQO5haVjOeUR7+R2qOLep92N
JvEpr9ubxwBpevBgFAczZnmduF7t7P8FYYBKgGiZJ6rq8g/dk7qgOE5x3qAz4h0j
/L/GfgYVIuIsaFLjRcEZ3PXvzsXQ2TThkNUMGFuZhKyRkpj1QcvoZd4aYPMFK2sd
q9zj9mbQBk3v1//sd8ZgAN/hDma8XoA3Uo30vI+MQkcRPZIHIyI=
=83R+
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4976-1] wpewebkit security update, Alberto Garcia, 21.09.2021

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang