ID

VAR-202109-1389


CVE

CVE-2021-30689


TITLE

Apple Safari Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202105-1575

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. WebKitGTK+ has a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data in WebKit. A remote attacker could exploit this vulnerability to perform a cross-site scripting (XSS) attack. The following products and versions are affected: WebKitGTK+: 2.30.0, 2.30.1, 2.30.2, 2.30.3, 2.30.4, 2.30.5, 2.30.6, 2.31.1, 2.31.90, 2.31.91, 2.32 .0, 2.32.1. A security issue has been found in WebKitGTK and WPE WebKit prior to 2.32.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6 iOS 14.6 and iPadOS 14.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212528. Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro AVEVideoEncoder Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A race condition was addressed with improved state handling. CVE-2021-30714: @08Tc3wBB of ZecOps, and George Nosenko CommCenter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A device may accept invalid activation results Description: A logic issue was addressed with improved restrictions. CVE-2021-30729: CHRISTIAN MINA Core Services Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. CVE-2021-30681: Zhongcheng Li (CK01) CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro Crash Reporter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga CVMS Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro Heimdal Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k) ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360 ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may disclose restricted memory Description: This issue was addressed with improved checks. CVE-2021-30674: Siddharth Aeri (@b1n4r1b01) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero LaunchServices Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan) Mail Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination Description: A use after free issue was addressed with improved memory management. CVE-2021-30741: SYMaster of ZecOps Mobile EDR Team Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management. CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A validation issue was addressed with improved logic. CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro Notes Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lockscreen Description: A window management issue was addressed with improved state management. CVE-2021-30699: videosdebarraquito Security Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. CVE-2021-30737: xerub WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu) WebRTC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism Description: A logic issue was addressed with improved validation. CVE-2021-30667: Raul Siles of DinoSec (@dinosec) Additional recognition AVEVideoEncoder We would like to acknowledge @08Tc3wBB for their assistance. CommCenter We would like to acknowledge CHRISTIAN MINA and Stefan Sterz (@0x7374) of Secure Mobile Networking Lab at TU Darmstadt and Industrial Software at TU Wien for their assistance. CoreCapture We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant- financial TianQiong Security Lab for their assistance. ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance. Kernel We would like to acknowledge Saar Amar (@AmarSaar) for their assistance. Mail Drafts We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their assistance. NetworkExtension We would like to acknowledge Matthias Ortmann of Secure Mobile Networking Lab for their assistance. WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "14.6" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6 jjAtCQ//auqQ5YsUCBz4i00PEoOfnZiFYGfXzFlA4uYymaH0vCABC4KOg9HqjZHa krqB08YNp79k7Q+nXbCy4DHw10Pm2DGoDjvgk+sR46FhNC5kRVvYhNmRQ4sInT31 Nq55YvwU1pSW0Mlvm2x2EAr3qEJZws2snotb9E5cc/i2XAYKzcoia+jGhjJO8uub 4a4Cbg0HkDxpFKDty0RRlCm19DLt2haGjf+HLC0sFlaKMZTG+OPvomszPTB6gXXp RWHc9a6jLg0gi6GRMTTd8Y0QasZrCN17VbjRgM+zXVOq3Q+pZ4/ny6jqs9WW4FCL P//0DKnaYFpOBcGzqGt3fh1BEQGuCcsYhjTP1NifAnviXNC5Q9DOlFbJEBDl6Ngo IlbLSBpllWd+usrAFSxCAaw28xsjJzNbqMlGQfj/xg1l7xHqczmryszBW5n3F92p XXYMJeUrQd7gWJSK3lPmHBjJug0wdHqL0mMkTafyTtbCuDZBAKcPwDQAjv/O6o72 LBCVjFR6AJVoiqhteT5HtRG9S8TItV3p9lizA4Q9Yt93HI9gIe1dwKUgC5Kdoxjd Oo57UvtUooV3aRl4SnBxh0eHiSu76gvBcsv4ZPaNCXT+OzE/cBoGaW5FJ/mB4Gwc 8drcqnRsF1i6qnvmBmcq180ucKmxW1zZyjUqt2Fvigygzl5dwx4= =Q8uh -----END PGP SIGNATURE----- . Apple is aware of a report that this issue may have been actively exploited. Apple is aware of a report that this issue may have been actively exploited. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: RHSA-2021:4381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381 Issue date: 2021-11-09 CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918 CVE-2020-29623 CVE-2020-36241 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-28650 CVE-2021-30663 CVE-2021-30665 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 ==================================================================== 1. Summary: An update for GNOME is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300) Security Fix(es): * webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558) * LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918) * webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788) * webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789) * webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799) * webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801) * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844) * webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870) * webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871) * webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775) * webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779) * webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806) * webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663) * webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665) * webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682) * webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689) * webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734) * webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749) * webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795) * webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799) * webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623) * gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241) * gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 GDM must be restarted for this update to take effect. The GNOME session must be restarted (log out, then log back in) for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time 1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8) 1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop 1813727 - Files copied from NFS4 to Desktop can't be opened 1854679 - [RFE] Disable left edge gesture 1873297 - Gnome-software coredumps when run as root in terminal 1873488 - GTK3 prints errors with overlay scrollbar disabled 1888404 - Updates page hides ongoing updates on refresh 1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. 1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... 1904139 - Automatic Logout Feature not working 1905000 - Desktop refresh broken after unlock 1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release 1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot 1924725 - [Wayland] Double-touch desktop icons fails sometimes 1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory 1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp 1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution 1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login 1937416 - Rebase WebKitGTK to 2.32 1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0] 1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0] 1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) 1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution 1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history 1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation 1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution 1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection 1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation 1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution 1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution 1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution 1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution 1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH 1951086 - Disable the Facebook provider 1952136 - Disable the Foursquare provider 1955754 - gnome-session kiosk-session support still isn't up to muster 1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide 1960705 - Vino nonfunctional in FIPS mode 1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V 1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens 1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831' 1972545 - flatpak: Prefer runtime from the same origin as the application 1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent 1978505 - Gnome Software development package is missing important header files. 1978612 - pt_BR translations for "Register System" panel 1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution 1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. 1981420 - Improve style of overview close buttons 1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution 1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution 1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution 1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution 1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information 1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack 1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers 1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution 1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack 1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution 1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution 1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution 1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution 1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution 1987233 - [RHEL8.5]Login screen shows dots when entering username 1989035 - terminal don't redraw if partially off screen 1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build 1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files 2004170 - Unable to login to session via xdmcp 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: LibRaw-0.19.5-3.el8.src.rpm accountsservice-0.6.55-2.el8.src.rpm gdm-40.0-15.el8.src.rpm gnome-autoar-0.2.3-2.el8.src.rpm gnome-calculator-3.28.2-2.el8.src.rpm gnome-control-center-3.28.2-28.el8.src.rpm gnome-online-accounts-3.28.2-3.el8.src.rpm gnome-session-3.28.1-13.el8.src.rpm gnome-settings-daemon-3.32.0-16.el8.src.rpm gnome-shell-3.32.2-40.el8.src.rpm gnome-shell-extensions-3.32.1-20.el8.src.rpm gnome-software-3.36.1-10.el8.src.rpm gtk3-3.22.30-8.el8.src.rpm mutter-3.32.2-60.el8.src.rpm vino-3.22.0-11.el8.src.rpm webkit2gtk3-2.32.3-2.el8.src.rpm aarch64: accountsservice-0.6.55-2.el8.aarch64.rpm accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-libs-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gdm-40.0-15.el8.aarch64.rpm gdm-debuginfo-40.0-15.el8.aarch64.rpm gdm-debugsource-40.0-15.el8.aarch64.rpm gnome-autoar-0.2.3-2.el8.aarch64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm gnome-calculator-3.28.2-2.el8.aarch64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm gnome-control-center-3.28.2-28.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm gnome-online-accounts-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm gnome-session-3.28.1-13.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm gnome-session-xsession-3.28.1-13.el8.aarch64.rpm gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm gnome-shell-3.32.2-40.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm gnome-software-3.36.1-10.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-3.22.30-8.el8.aarch64.rpm gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-debugsource-3.22.30-8.el8.aarch64.rpm gtk3-devel-3.22.30-8.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm mutter-3.32.2-60.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm vino-3.22.0-11.el8.aarch64.rpm vino-debuginfo-3.22.0-11.el8.aarch64.rpm vino-debugsource-3.22.0-11.el8.aarch64.rpm webkit2gtk3-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm noarch: gnome-classic-session-3.32.1-20.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm ppc64le: LibRaw-0.19.5-3.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-0.6.55-2.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gdm-40.0-15.el8.ppc64le.rpm gdm-debuginfo-40.0-15.el8.ppc64le.rpm gdm-debugsource-40.0-15.el8.ppc64le.rpm gnome-autoar-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm gnome-calculator-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm gnome-control-center-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm gnome-session-3.28.1-13.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm gnome-shell-3.32.2-40.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm gnome-software-3.36.1-10.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-3.22.30-8.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm gtk3-devel-3.22.30-8.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm mutter-3.32.2-60.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm vino-3.22.0-11.el8.ppc64le.rpm vino-debuginfo-3.22.0-11.el8.ppc64le.rpm vino-debugsource-3.22.0-11.el8.ppc64le.rpm webkit2gtk3-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm s390x: accountsservice-0.6.55-2.el8.s390x.rpm accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-libs-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gdm-40.0-15.el8.s390x.rpm gdm-debuginfo-40.0-15.el8.s390x.rpm gdm-debugsource-40.0-15.el8.s390x.rpm gnome-autoar-0.2.3-2.el8.s390x.rpm gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm gnome-calculator-3.28.2-2.el8.s390x.rpm gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm gnome-control-center-3.28.2-28.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm gnome-online-accounts-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm gnome-session-3.28.1-13.el8.s390x.rpm gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm gnome-session-debugsource-3.28.1-13.el8.s390x.rpm gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm gnome-session-xsession-3.28.1-13.el8.s390x.rpm gnome-settings-daemon-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm gnome-shell-3.32.2-40.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm gnome-software-3.36.1-10.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-3.22.30-8.el8.s390x.rpm gtk3-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-debugsource-3.22.30-8.el8.s390x.rpm gtk3-devel-3.22.30-8.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm mutter-3.32.2-60.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm vino-3.22.0-11.el8.s390x.rpm vino-debuginfo-3.22.0-11.el8.s390x.rpm vino-debugsource-3.22.0-11.el8.s390x.rpm webkit2gtk3-2.32.3-2.el8.s390x.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm x86_64: LibRaw-0.19.5-3.el8.i686.rpm LibRaw-0.19.5-3.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-0.6.55-2.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-libs-0.6.55-2.el8.i686.rpm accountsservice-libs-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gdm-40.0-15.el8.i686.rpm gdm-40.0-15.el8.x86_64.rpm gdm-debuginfo-40.0-15.el8.i686.rpm gdm-debuginfo-40.0-15.el8.x86_64.rpm gdm-debugsource-40.0-15.el8.i686.rpm gdm-debugsource-40.0-15.el8.x86_64.rpm gnome-autoar-0.2.3-2.el8.i686.rpm gnome-autoar-0.2.3-2.el8.x86_64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm gnome-calculator-3.28.2-2.el8.x86_64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm gnome-control-center-3.28.2-28.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm gnome-online-accounts-3.28.2-3.el8.i686.rpm gnome-online-accounts-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm gnome-session-3.28.1-13.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm gnome-session-xsession-3.28.1-13.el8.x86_64.rpm gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm gnome-shell-3.32.2-40.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm gnome-software-3.36.1-10.el8.x86_64.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-3.22.30-8.el8.i686.rpm gtk3-3.22.30-8.el8.x86_64.rpm gtk3-debuginfo-3.22.30-8.el8.i686.rpm gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-debugsource-3.22.30-8.el8.i686.rpm gtk3-debugsource-3.22.30-8.el8.x86_64.rpm gtk3-devel-3.22.30-8.el8.i686.rpm gtk3-devel-3.22.30-8.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm mutter-3.32.2-60.el8.i686.rpm mutter-3.32.2-60.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm vino-3.22.0-11.el8.x86_64.rpm vino-debuginfo-3.22.0-11.el8.x86_64.rpm vino-debugsource-3.22.0-11.el8.x86_64.rpm webkit2gtk3-2.32.3-2.el8.i686.rpm webkit2gtk3-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: gsettings-desktop-schemas-3.32.0-6.el8.src.rpm aarch64: gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm ppc64le: gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm s390x: gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm x86_64: gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm Red Hat Enterprise Linux CRB (v. 8): aarch64: accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-devel-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gnome-software-devel-3.36.1-10.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-devel-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm ppc64le: LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-devel-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-devel-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gnome-software-devel-3.36.1-10.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-devel-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm s390x: accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-devel-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gnome-software-devel-3.36.1-10.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-devel-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm x86_64: LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-devel-0.19.5-3.el8.i686.rpm LibRaw-devel-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-devel-0.6.55-2.el8.i686.rpm accountsservice-devel-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gnome-software-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.i686.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gnome-software-devel-3.36.1-10.el8.i686.rpm gnome-software-devel-3.36.1-10.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-devel-3.32.2-60.el8.i686.rpm mutter-devel-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-13558 https://access.redhat.com/security/cve/CVE-2020-24870 https://access.redhat.com/security/cve/CVE-2020-27918 https://access.redhat.com/security/cve/CVE-2020-29623 https://access.redhat.com/security/cve/CVE-2020-36241 https://access.redhat.com/security/cve/CVE-2021-1765 https://access.redhat.com/security/cve/CVE-2021-1788 https://access.redhat.com/security/cve/CVE-2021-1789 https://access.redhat.com/security/cve/CVE-2021-1799 https://access.redhat.com/security/cve/CVE-2021-1801 https://access.redhat.com/security/cve/CVE-2021-1844 https://access.redhat.com/security/cve/CVE-2021-1870 https://access.redhat.com/security/cve/CVE-2021-1871 https://access.redhat.com/security/cve/CVE-2021-21775 https://access.redhat.com/security/cve/CVE-2021-21779 https://access.redhat.com/security/cve/CVE-2021-21806 https://access.redhat.com/security/cve/CVE-2021-28650 https://access.redhat.com/security/cve/CVE-2021-30663 https://access.redhat.com/security/cve/CVE-2021-30665 https://access.redhat.com/security/cve/CVE-2021-30682 https://access.redhat.com/security/cve/CVE-2021-30689 https://access.redhat.com/security/cve/CVE-2021-30720 https://access.redhat.com/security/cve/CVE-2021-30734 https://access.redhat.com/security/cve/CVE-2021-30744 https://access.redhat.com/security/cve/CVE-2021-30749 https://access.redhat.com/security/cve/CVE-2021-30758 https://access.redhat.com/security/cve/CVE-2021-30795 https://access.redhat.com/security/cve/CVE-2021-30797 https://access.redhat.com/security/cve/CVE-2021-30799 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E awNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3 05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7 sTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7 tEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ w+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD Migcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5 QnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T qji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu SToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb Z6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX 2rgR2Ny0wo4=gfrM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. ========================================================================== Ubuntu Security Notice USN-5024-1 July 28, 2021 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in WebKitGTK. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: libjavascriptcoregtk-4.0-18 2.32.3-0ubuntu0.21.04.1 libwebkit2gtk-4.0-37 2.32.3-0ubuntu0.21.04.1 Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.32.3-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.32.3-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.32.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.32.3-0ubuntu0.18.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Background ========= WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4 Description ========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========= There is no known workaround at this time. Resolution ========= All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4" References ========= [ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202202-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4945-1 security@debian.org https://www.debian.org/security/ Alberto Garcia July 28, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-21775 Marcin Towalski discovered that a specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. CVE-2021-21779 Marcin Towalski discovered that a specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. CVE-2021-30720 David Schutz discovered that a malicious website may be able to access restricted ports on arbitrary servers. For the stable distribution (buster), these problems have been fixed in version 2.32.3-1~deb10u1. We recommend that you upgrade your webkit2gtk packages

Trust: 1.8

sources: NVD: CVE-2021-30689 // VULHUB: VHN-390422 // VULMON: CVE-2021-30689 // PACKETSTORM: 162823 // PACKETSTORM: 162824 // PACKETSTORM: 162825 // PACKETSTORM: 164872 // PACKETSTORM: 165631 // PACKETSTORM: 163696 // PACKETSTORM: 165794 // PACKETSTORM: 169087

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:safariscope:ltversion:14.1.1

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.5

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.4

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.6

Trust: 1.0

sources: NVD: CVE-2021-30689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30689
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202105-1575
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390422
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30689
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-390422
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30689
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-390422 // CNNVD: CNNVD-202105-1575 // NVD: CVE-2021-30689

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

sources: VULHUB: VHN-390422 // NVD: CVE-2021-30689

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 163696 // CNNVD: CNNVD-202105-1575

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202105-1575

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-390422

PATCH

title:Apple Safari Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152062

Trust: 0.6

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-30689 log

Trust: 0.1

title:Apple: iOS 14.6 and iPadOS 14.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aebc753d2fbbe6784a52339b16fd5417

Trust: 0.1

sources: VULMON: CVE-2021-30689 // CNNVD: CNNVD-202105-1575

EXTERNAL IDS

db:NVDid:CVE-2021-30689

Trust: 2.6

db:PACKETSTORMid:165794

Trust: 0.8

db:PACKETSTORMid:164872

Trust: 0.8

db:PACKETSTORMid:162823

Trust: 0.8

db:CNNVDid:CNNVD-202105-1575

Trust: 0.7

db:PACKETSTORMid:163696

Trust: 0.7

db:CS-HELPid:SB2021052508

Trust: 0.6

db:CS-HELPid:SB2021052506

Trust: 0.6

db:CS-HELPid:SB2021080506

Trust: 0.6

db:CS-HELPid:SB2021072711

Trust: 0.6

db:CS-HELPid:SB2021072919

Trust: 0.6

db:AUSCERTid:ESB-2021.2563

Trust: 0.6

db:AUSCERTid:ESB-2021.2622

Trust: 0.6

db:AUSCERTid:ESB-2021.2787

Trust: 0.6

db:AUSCERTid:ESB-2021.3779

Trust: 0.6

db:AUSCERTid:ESB-2022.0245

Trust: 0.6

db:AUSCERTid:ESB-2021.1794

Trust: 0.6

db:PACKETSTORMid:162825

Trust: 0.2

db:PACKETSTORMid:162824

Trust: 0.2

db:PACKETSTORMid:162827

Trust: 0.1

db:VULHUBid:VHN-390422

Trust: 0.1

db:VULMONid:CVE-2021-30689

Trust: 0.1

db:PACKETSTORMid:165631

Trust: 0.1

db:PACKETSTORMid:169087

Trust: 0.1

sources: VULHUB: VHN-390422 // VULMON: CVE-2021-30689 // PACKETSTORM: 162823 // PACKETSTORM: 162824 // PACKETSTORM: 162825 // PACKETSTORM: 164872 // PACKETSTORM: 165631 // PACKETSTORM: 163696 // PACKETSTORM: 165794 // PACKETSTORM: 169087 // CNNVD: CNNVD-202105-1575 // NVD: CVE-2021-30689

REFERENCES

url:https://support.apple.com/en-us/ht212534

Trust: 2.3

url:https://support.apple.com/en-us/ht212528

Trust: 1.7

url:https://support.apple.com/en-us/ht212529

Trust: 1.7

url:https://support.apple.com/en-us/ht212532

Trust: 1.7

url:https://support.apple.com/en-us/ht212533

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30689

Trust: 1.3

url:https://access.redhat.com/security/cve/cve-2021-30689

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21779

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-30749

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080506

Trust: 0.6

url:https://packetstormsecurity.com/files/162823/apple-security-advisory-2021-05-25-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072711

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3779

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2622

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2787

Trust: 0.6

url:https://packetstormsecurity.com/files/163696/ubuntu-security-notice-usn-5024-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164872/red-hat-security-advisory-2021-4381-05.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35513

Trust: 0.6

url:https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-36009

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2563

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052508

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052506

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072919

Trust: 0.6

url:https://packetstormsecurity.com/files/165794/gentoo-linux-security-advisory-202202-01.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-30682

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-30744

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-30663

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-30720

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-30734

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-30665

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-21775

Trust: 0.4

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30795

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30758

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30799

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30705

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30697

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30698

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30685

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30704

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30707

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30686

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30687

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30677

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30700

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30701

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30744

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-1844

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21775

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-1871

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21806

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30734

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1871

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30758

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-1870

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-1801

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1844

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36241

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30797

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-1765

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30720

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13558

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13558

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28650

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24870

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-1799

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21779

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29623

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-1789

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27918

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30749

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30795

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30663

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-1788

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30799

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30665

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21806

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30682

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1788

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30797

Trust: 0.2

url:https://security.archlinux.org/cve-2021-30689

Trust: 0.1

url:https://support.apple.com/kb/ht212528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30708

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30699

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30694

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://support.apple.com/ht212528.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30693

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30667

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30681

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30691

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30692

Trust: 0.1

url:https://support.apple.com/ht212534.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30715

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30740

Trust: 0.1

url:https://support.apple.com/ht212532.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30724

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1765

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4381

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1801

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1870

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29623

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1799

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24870

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36241

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28650

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3575

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15389

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10001

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-18032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10001

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27828

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29338

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26926

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3272

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15389

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27824

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.3-0ubuntu0.20.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5024-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.3-0ubuntu0.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.3-0ubuntu0.21.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30984

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30953

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1820

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30851

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30952

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30887

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30846

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2021-0005.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30858

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30897

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30936

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30954

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30890

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30818

Trust: 0.1

url:https://security.gentoo.org/glsa/202202-01

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30809

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1825

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30661

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1826

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30951

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2021-0004.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30889

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30848

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2021-0006.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30836

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/webkit2gtk

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

sources: VULHUB: VHN-390422 // VULMON: CVE-2021-30689 // PACKETSTORM: 162823 // PACKETSTORM: 162824 // PACKETSTORM: 162825 // PACKETSTORM: 164872 // PACKETSTORM: 165631 // PACKETSTORM: 163696 // PACKETSTORM: 165794 // PACKETSTORM: 169087 // CNNVD: CNNVD-202105-1575 // NVD: CVE-2021-30689

CREDITS

Apple

Trust: 0.3

sources: PACKETSTORM: 162823 // PACKETSTORM: 162824 // PACKETSTORM: 162825

SOURCES

db:VULHUBid:VHN-390422
db:VULMONid:CVE-2021-30689
db:PACKETSTORMid:162823
db:PACKETSTORMid:162824
db:PACKETSTORMid:162825
db:PACKETSTORMid:164872
db:PACKETSTORMid:165631
db:PACKETSTORMid:163696
db:PACKETSTORMid:165794
db:PACKETSTORMid:169087
db:CNNVDid:CNNVD-202105-1575
db:NVDid:CVE-2021-30689

LAST UPDATE DATE

2024-11-11T22:40:41.132000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390422date:2021-09-17T00:00:00
db:CNNVDid:CNNVD-202105-1575date:2022-07-01T00:00:00
db:NVDid:CVE-2021-30689date:2021-09-17T17:38:11.483

SOURCES RELEASE DATE

db:VULHUBid:VHN-390422date:2021-09-08T00:00:00
db:PACKETSTORMid:162823date:2021-05-26T17:48:03
db:PACKETSTORMid:162824date:2021-05-26T17:48:26
db:PACKETSTORMid:162825date:2021-05-26T17:50:13
db:PACKETSTORMid:164872date:2021-11-10T17:09:58
db:PACKETSTORMid:165631date:2022-01-20T17:48:29
db:PACKETSTORMid:163696date:2021-07-29T13:40:59
db:PACKETSTORMid:165794date:2022-02-01T17:03:05
db:PACKETSTORMid:169087date:2021-07-28T19:12:00
db:CNNVDid:CNNVD-202105-1575date:2021-05-25T00:00:00
db:NVDid:CVE-2021-30689date:2021-09-08T15:15:14.733