The SUSE SLED15 / SLES15 host is affected by multiple webkit2gtk3 vulnerabilities, leading to potential information leaks, memory corruption, and arbitrary code execution
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | webkit2gtk - security update | 28 Jul 202100:00 | – | osv |
![]() | webkit2gtk vulnerabilities | 28 Jul 202116:33 | – | osv |
![]() | Moderate: GNOME security, bug fix, and enhancement update | 9 Nov 202109:15 | – | osv |
![]() | Moderate: GNOME security, bug fix, and enhancement update | 9 Nov 202109:15 | – | osv |
![]() | Red Hat Security Advisory: GNOME security, bug fix, and enhancement update | 16 Sep 202405:48 | – | osv |
![]() | Security update for webkit2gtk3 (important) | 3 Aug 202100:00 | – | suse |
![]() | Security update for webkit2gtk3 (important) | 10 Aug 202100:00 | – | suse |
![]() | SUSE: Security Advisory (SUSE-SU-2021:2598-1) | 4 Aug 202100:00 | – | openvas |
![]() | openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2021:1101-1) | 10 Aug 202100:00 | – | openvas |
![]() | Ubuntu: Security Advisory (USN-5024-1) | 29 Jul 202100:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2021:2598-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152202);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2021-21775",
"CVE-2021-21779",
"CVE-2021-30663",
"CVE-2021-30665",
"CVE-2021-30689",
"CVE-2021-30720",
"CVE-2021-30734",
"CVE-2021-30744",
"CVE-2021-30749",
"CVE-2021-30758",
"CVE-2021-30795",
"CVE-2021-30797",
"CVE-2021-30799"
);
script_xref(name:"SuSE", value:"SUSE-SU-2021:2598-1");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
script_name(english:"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2598-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2021:2598-1 advisory.
- A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of
Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further
memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a
malicious webpage. (CVE-2021-21775)
- A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in
WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory
corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
(CVE-2021-21779)
- An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and
iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted
web content may lead to arbitrary code execution. (CVE-2021-30663)
- A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS
7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously
crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may
have been actively exploited.. (CVE-2021-30665)
- A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and
iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content
may lead to universal cross site scripting. (CVE-2021-30689)
- A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and
iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access
restricted ports on arbitrary servers. (CVE-2021-30720)
- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in
tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing
maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)
- Description: A cross-origin issue with iframe elements was addressed with improved tracking of security
origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,
watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
(CVE-2021-30744)
- A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari
14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to
arbitrary code execution. (CVE-2021-30758)
- A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,
Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may
lead to arbitrary code execution. (CVE-2021-30795)
- This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big
Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.
(CVE-2021-30797)
- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS
14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing
maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188697");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-21775");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-21779");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30663");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30665");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30689");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30720");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30734");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30744");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30749");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30758");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30795");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30797");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30799");
# https://lists.suse.com/pipermail/sle-security-updates/2021-August/009247.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7e605200");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30799");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/29");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED15" && (! preg(pattern:"^(2|3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED15 SP2/3", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(2|3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP2/3", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},
{'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},
{'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},
{'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},
{'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},
{'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},
{'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},
{'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},
{'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},
{'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},
{'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},
{'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},
{'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},
{'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},
{'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},
{'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},
{'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},
{'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},
{'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},
{'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},
{'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},
{'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},
{'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},
{'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},
{'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},
{'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},
{'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},
{'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},
{'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},
{'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},
{'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},
{'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo