{"id":"MGASA-2021-0400","summary":"Updated webkit2 packages fix security vulnerabilities","details":"Updated webkit2 packages fix security vulnerabilities:\n\nA use-after-free vulnerability exists in the way certain events are\nprocessed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially\ncrafted web page can lead to a potential information leak and further\nmemory corruption. In order to trigger the vulnerability, a victim must\nbe tricked into visiting a malicious webpage (CVE-2021-21775).\n\nA use-after-free vulnerability exists in the way Webkit GraphicsContext\nhandles certain events in WebKitGTK 2.30.4. A specially crafted web page\ncan lead to a potential information leak and further memory corruption.\nA victim must be tricked into visiting a malicious web page to trigger\nthis vulnerability (CVE-2021-21779).\n\nProcessing maliciously crafted web content may lead to arbitrary code\nexecution (CVE-2021-30663, CVE-2021-30665, CVE-2021-30734, CVE-2021-30749,\nCVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799).\n\nProcessing maliciously crafted web content may lead to universal cross\nsite scripting (CVE-2021-30689, CVE-2021-30744).\n\nA malicious website may be able to access restricted ports on arbitrary\nservers (CVE-2021-30720).\n","modified":"2026-04-16T00:08:59.867783626Z","published":"2021-08-14T14:00:09Z","upstream":["CVE-2021-21775","CVE-2021-21779","CVE-2021-30663","CVE-2021-30665","CVE-2021-30689","CVE-2021-30720","CVE-2021-30734","CVE-2021-30744","CVE-2021-30749","CVE-2021-30758","CVE-2021-30795","CVE-2021-30797","CVE-2021-30799"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0400.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29282"},{"type":"WEB","url":"https://webkitgtk.org/2021/07/09/webkitgtk2.32.2-released.html"},{"type":"WEB","url":"https://webkitgtk.org/2021/07/23/webkitgtk2.32.3-released.html"},{"type":"WEB","url":"https://webkitgtk.org/security/WSA-2021-0004.html"}],"affected":[{"package":{"name":"webkit2","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/webkit2?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.32.3-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0400.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}