RHSA-2021:4381-01 -- Red Hat LibRaw, accountsservice, gdm, gnome-autoar, gnome-calculator, gnome-control-center, gnome-online-accounts, gnome-session, gnome-settings-daemon, gnome-shell, gnome-software, gtk3, mutter, vino, webkit2gtk3, gsettings-desktop-schemas, gtk-update-icon-cache, gnome-classic-session
ID: oval:org.secpod.oval:def:506478 | Date: (C)2021-11-22 (M)2024-05-22
Class: PATCH | Family: unix
GNOME is the default desktop environment of Red Hat Enterprise Linux.

The following packages have been upgraded to a later upstream version: gdm, webkit2gtk3.

Security Fix:

* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields in identify.cpp
* webkitgtk: Use-after-free leading to arbitrary code execution
* webkitgtk: IFrame sandboxing policy violation
* webkitgtk: Use-after-free leading to arbitrary code execution
* webkitgtk: Type confusion issue leading to arbitrary code execution
* webkitgtk: Access to restricted ports on arbitrary servers via port redirection
* webkitgtk: IFrame sandboxing policy violation
* webkitgtk: Memory corruption issue leading to arbitrary code execution
* webkitgtk: Logic issue leading to arbitrary code execution
* webkitgtk: Logic issue leading to arbitrary code execution
* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution
* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
* webkitgtk: Integer overflow leading to arbitrary code execution
* webkitgtk: Memory corruption leading to arbitrary code execution
* webkitgtk: Logic issue leading to leak of sensitive user information
* webkitgtk: Logic issue leading to universal cross site scripting attack
* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers
* webkitgtk: Memory corruptions leading to arbitrary code execution
* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
* webkitgtk: Memory corruptions leading to arbitrary code execution
* webkitgtk: Type confusion leading to arbitrary code execution
* webkitgtk: Use-after-free leading to arbitrary code execution
* webkitgtk: Insufficient checks leading to arbitrary code execution
* webkitgtk: Memory corruptions leading to arbitrary code execution
* webkitgtk: User may be unable to fully delete browsing history
* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Platform:
Red Hat Enterprise Linux 8

Product:
LibRaw
accountsservice
gdm
gnome-autoar
gnome-calculator
gnome-control-center
gnome-online-accounts
gnome-session
gnome-settings-daemon
gnome-shell
gnome-software
gtk3
mutter
vino
webkit2gtk3
gsettings-desktop-schemas
gtk-update-icon-cache
gnome-classic-session