CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS
Percentile: 88.0%

GNOME is the default desktop environment of AlmaLinux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)
LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)
webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)
webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)
webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)
webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)
webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)
webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)
webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)
webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)
webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)
webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)
webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
errata.almalinux.org/8/ALSA-2021-4381.html
vulners.com/cve/CVE-2020-13558
vulners.com/cve/CVE-2020-24870
vulners.com/cve/CVE-2020-27918
vulners.com/cve/CVE-2020-29623
vulners.com/cve/CVE-2020-36241
vulners.com/cve/CVE-2021-1765
vulners.com/cve/CVE-2021-1788
vulners.com/cve/CVE-2021-1789
vulners.com/cve/CVE-2021-1799
vulners.com/cve/CVE-2021-1801
vulners.com/cve/CVE-2021-1844
vulners.com/cve/CVE-2021-1870
vulners.com/cve/CVE-2021-1871
vulners.com/cve/CVE-2021-21775
vulners.com/cve/CVE-2021-21779
vulners.com/cve/CVE-2021-21806
vulners.com/cve/CVE-2021-28650
vulners.com/cve/CVE-2021-30663
vulners.com/cve/CVE-2021-30665
vulners.com/cve/CVE-2021-30682
vulners.com/cve/CVE-2021-30689
vulners.com/cve/CVE-2021-30720
vulners.com/cve/CVE-2021-30734
vulners.com/cve/CVE-2021-30744
vulners.com/cve/CVE-2021-30749
vulners.com/cve/CVE-2021-30758
vulners.com/cve/CVE-2021-30795
vulners.com/cve/CVE-2021-30797
vulners.com/cve/CVE-2021-30799