Amazon Linux 2022 : webkit2gtk3, webkit2gtk3-devel, webkit2gtk3-jsc (ALAS2022-2022-015)

high Nessus Plugin ID 212457

Synopsis

The remote Amazon Linux 2022 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-015 advisory.

A use-after-free flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. (CVE-2021-30809)

A type confusion flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. (CVE-2021-30818)

A logic issue was found in WebKitGTK. An attacker in a privileged network position could use this flaw to bypass HSTS. (CVE-2021-30823)

An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30836)

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30846)

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. (CVE-2021-30848)

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30849)

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. (CVE-2021-30851)

A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution. (CVE-2021-30858)

A flaw was found in the way WebKitGTK performed CSS compositing. A malicious web site could possibly use this flaw to reveal a user's browsing history. (CVE-2021-30884)

An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)

A buffer overflow flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. (CVE-2021-30889)

A flaw was found in the resource timing API specification and its implementation in WebKitGTK. A malicious web site could use this flaw to trigger a cross-domain data exfiltration. (CVE-2021-30897)

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)

A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)

A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)

A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45483)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update --releasever=2022.0.20220125 webkit2gtk3' to update your system.

See Also

https://alas.aws.amazon.com/cve/html/CVE-2021-30858.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30809.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30818.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30823.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30836.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30846.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30848.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30849.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30851.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30884.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30888.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30889.html

https://alas.aws.amazon.com/cve/html/CVE-2021-30897.html

https://alas.aws.amazon.com/cve/html/CVE-2021-42762.html

https://alas.aws.amazon.com/cve/html/CVE-2021-45481.html

https://alas.aws.amazon.com/cve/html/CVE-2021-45482.html

https://alas.aws.amazon.com/cve/html/CVE-2021-45483.html

https://alas.aws.amazon.com/AL2022/ALAS-2022-015.html

Plugin Details

Severity: High

ID: 212457

File Name: al2022_ALAS2022-2022-015.nasl

Version: 1.2

Type: local

Agent: unix

Published: 12/11/2024

Updated: 12/12/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-30889

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:webkit2gtk3-jsc-devel-debuginfo, p-cpe:/a:amazon:linux:webkit2gtk3-devel-debuginfo, p-cpe:/a:amazon:linux:webkit2gtk3, p-cpe:/a:amazon:linux:webkit2gtk3-debuginfo, p-cpe:/a:amazon:linux:webkit2gtk3-jsc, cpe:/o:amazon:linux:2022, p-cpe:/a:amazon:linux:webkit2gtk3-debugsource, p-cpe:/a:amazon:linux:webkit2gtk3-jsc-debuginfo, p-cpe:/a:amazon:linux:webkit2gtk3-jsc-devel, p-cpe:/a:amazon:linux:webkit2gtk3-devel, p-cpe:/a:amazon:linux:webkit2gtk3-doc

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/25/2022

Vulnerability Publication Date: 8/24/2021

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2021-30809, CVE-2021-30818, CVE-2021-30823, CVE-2021-30836, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30858, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897, CVE-2021-42762, CVE-2021-45481, CVE-2021-45482, CVE-2021-45483