Lucene search

K
osvGoogleOSV:RLSA-2021:1586
HistoryMay 18, 2021 - 5:35 a.m.

Moderate: GNOME security, bug fix, and enhancement update

2021-05-1805:35:26
Google
osv.dev
13
gnome
bug fix
enhancement
security
webkit2gtk3
accountsservice
type confusion
use-after-free
out-of-bounds write
glib2
cve-2020-9948
cve-2020-9951
cve-2020-9983
cve-2020-13543
cve-2020-13584
cve-2019-13012
rocky linux 8.4.

AI Score

9.4

Confidence

High

EPSS

0.017

Percentile

87.9%

GNOME is the default desktop environment of Rocky Linux.

The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304)

Security Fix(es):

  • webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)

  • webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-9951)

  • webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)

  • webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543)

  • webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13584)

  • glib2: insecure permissions for files and directories (CVE-2019-13012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.

References