var-202109-1315
Vulnerability from variot
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. A buffer error vulnerability exists in Apple Safari that stems from a bounds error in WebKit. A remote attacker could exploit this vulnerability to execute arbitrary code on the target system. The following products and versions are affected: Apple Safari: 14.0, 14.0.1, 14.0.2, 14.0.3, 14.0.3-14610.4.3.1.7, 14.0.3-15610.4.3.1.7, 14.1. APPLE-SA-2021-05-03-3 watchOS 7.4.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4945-1 security@debian.org https://www.debian.org/security/ Alberto Garcia July 28, 2021 https://www.debian.org/security/faq
Package : webkit2gtk CVE ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799
The following vulnerabilities have been discovered in the webkit2gtk web engine:
CVE-2021-21775
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-21779
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-30720
David Schutz discovered that a malicious website may be able to
access restricted ports on arbitrary servers.
For the stable distribution (buster), these problems have been fixed in version 2.32.3-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: RHSA-2021:4381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381 Issue date: 2021-11-09 CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918 CVE-2020-29623 CVE-2020-36241 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-28650 CVE-2021-30663 CVE-2021-30665 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 ==================================================================== 1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session must be restarted (log out, then log back in) for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time 1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8) 1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop 1813727 - Files copied from NFS4 to Desktop can't be opened 1854679 - [RFE] Disable left edge gesture 1873297 - Gnome-software coredumps when run as root in terminal 1873488 - GTK3 prints errors with overlay scrollbar disabled 1888404 - Updates page hides ongoing updates on refresh 1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. 1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... 1904139 - Automatic Logout Feature not working 1905000 - Desktop refresh broken after unlock 1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release 1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot 1924725 - [Wayland] Double-touch desktop icons fails sometimes 1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory 1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp 1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution 1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login 1937416 - Rebase WebKitGTK to 2.32 1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0] 1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0] 1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) 1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution 1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history 1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation 1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution 1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection 1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation 1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution 1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution 1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution 1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution 1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH 1951086 - Disable the Facebook provider 1952136 - Disable the Foursquare provider 1955754 - gnome-session kiosk-session support still isn't up to muster 1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide 1960705 - Vino nonfunctional in FIPS mode 1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V 1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens 1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831' 1972545 - flatpak: Prefer runtime from the same origin as the application 1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent 1978505 - Gnome Software development package is missing important header files. 1978612 - pt_BR translations for "Register System" panel 1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution 1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: LibRaw-0.19.5-3.el8.src.rpm accountsservice-0.6.55-2.el8.src.rpm gdm-40.0-15.el8.src.rpm gnome-autoar-0.2.3-2.el8.src.rpm gnome-calculator-3.28.2-2.el8.src.rpm gnome-control-center-3.28.2-28.el8.src.rpm gnome-online-accounts-3.28.2-3.el8.src.rpm gnome-session-3.28.1-13.el8.src.rpm gnome-settings-daemon-3.32.0-16.el8.src.rpm gnome-shell-3.32.2-40.el8.src.rpm gnome-shell-extensions-3.32.1-20.el8.src.rpm gnome-software-3.36.1-10.el8.src.rpm gtk3-3.22.30-8.el8.src.rpm mutter-3.32.2-60.el8.src.rpm vino-3.22.0-11.el8.src.rpm webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64: accountsservice-0.6.55-2.el8.aarch64.rpm accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-libs-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gdm-40.0-15.el8.aarch64.rpm gdm-debuginfo-40.0-15.el8.aarch64.rpm gdm-debugsource-40.0-15.el8.aarch64.rpm gnome-autoar-0.2.3-2.el8.aarch64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm gnome-calculator-3.28.2-2.el8.aarch64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm gnome-control-center-3.28.2-28.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm gnome-online-accounts-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm gnome-session-3.28.1-13.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm gnome-session-xsession-3.28.1-13.el8.aarch64.rpm gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm gnome-shell-3.32.2-40.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm gnome-software-3.36.1-10.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-3.22.30-8.el8.aarch64.rpm gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-debugsource-3.22.30-8.el8.aarch64.rpm gtk3-devel-3.22.30-8.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm mutter-3.32.2-60.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm vino-3.22.0-11.el8.aarch64.rpm vino-debuginfo-3.22.0-11.el8.aarch64.rpm vino-debugsource-3.22.0-11.el8.aarch64.rpm webkit2gtk3-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch: gnome-classic-session-3.32.1-20.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le: LibRaw-0.19.5-3.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-0.6.55-2.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gdm-40.0-15.el8.ppc64le.rpm gdm-debuginfo-40.0-15.el8.ppc64le.rpm gdm-debugsource-40.0-15.el8.ppc64le.rpm gnome-autoar-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm gnome-calculator-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm gnome-control-center-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm gnome-session-3.28.1-13.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm gnome-shell-3.32.2-40.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm gnome-software-3.36.1-10.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-3.22.30-8.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm gtk3-devel-3.22.30-8.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm mutter-3.32.2-60.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm vino-3.22.0-11.el8.ppc64le.rpm vino-debuginfo-3.22.0-11.el8.ppc64le.rpm vino-debugsource-3.22.0-11.el8.ppc64le.rpm webkit2gtk3-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x: accountsservice-0.6.55-2.el8.s390x.rpm accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-libs-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gdm-40.0-15.el8.s390x.rpm gdm-debuginfo-40.0-15.el8.s390x.rpm gdm-debugsource-40.0-15.el8.s390x.rpm gnome-autoar-0.2.3-2.el8.s390x.rpm gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm gnome-calculator-3.28.2-2.el8.s390x.rpm gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm gnome-control-center-3.28.2-28.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm gnome-online-accounts-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm gnome-session-3.28.1-13.el8.s390x.rpm gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm gnome-session-debugsource-3.28.1-13.el8.s390x.rpm gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm gnome-session-xsession-3.28.1-13.el8.s390x.rpm gnome-settings-daemon-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm gnome-shell-3.32.2-40.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm gnome-software-3.36.1-10.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-3.22.30-8.el8.s390x.rpm gtk3-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-debugsource-3.22.30-8.el8.s390x.rpm gtk3-devel-3.22.30-8.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm mutter-3.32.2-60.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm vino-3.22.0-11.el8.s390x.rpm vino-debuginfo-3.22.0-11.el8.s390x.rpm vino-debugsource-3.22.0-11.el8.s390x.rpm webkit2gtk3-2.32.3-2.el8.s390x.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64: LibRaw-0.19.5-3.el8.i686.rpm LibRaw-0.19.5-3.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-0.6.55-2.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-libs-0.6.55-2.el8.i686.rpm accountsservice-libs-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gdm-40.0-15.el8.i686.rpm gdm-40.0-15.el8.x86_64.rpm gdm-debuginfo-40.0-15.el8.i686.rpm gdm-debuginfo-40.0-15.el8.x86_64.rpm gdm-debugsource-40.0-15.el8.i686.rpm gdm-debugsource-40.0-15.el8.x86_64.rpm gnome-autoar-0.2.3-2.el8.i686.rpm gnome-autoar-0.2.3-2.el8.x86_64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm gnome-calculator-3.28.2-2.el8.x86_64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm gnome-control-center-3.28.2-28.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm gnome-online-accounts-3.28.2-3.el8.i686.rpm gnome-online-accounts-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm gnome-session-3.28.1-13.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm gnome-session-xsession-3.28.1-13.el8.x86_64.rpm gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm gnome-shell-3.32.2-40.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm gnome-software-3.36.1-10.el8.x86_64.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-3.22.30-8.el8.i686.rpm gtk3-3.22.30-8.el8.x86_64.rpm gtk3-debuginfo-3.22.30-8.el8.i686.rpm gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-debugsource-3.22.30-8.el8.i686.rpm gtk3-debugsource-3.22.30-8.el8.x86_64.rpm gtk3-devel-3.22.30-8.el8.i686.rpm gtk3-devel-3.22.30-8.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm mutter-3.32.2-60.el8.i686.rpm mutter-3.32.2-60.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm vino-3.22.0-11.el8.x86_64.rpm vino-debuginfo-3.22.0-11.el8.x86_64.rpm vino-debugsource-3.22.0-11.el8.x86_64.rpm webkit2gtk3-2.32.3-2.el8.i686.rpm webkit2gtk3-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64: gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le: gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x: gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64: gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64: accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-devel-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gnome-software-devel-3.36.1-10.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-devel-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le: LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-devel-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-devel-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gnome-software-devel-3.36.1-10.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-devel-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x: accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-devel-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gnome-software-devel-3.36.1-10.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-devel-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64: LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-devel-0.19.5-3.el8.i686.rpm LibRaw-devel-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-devel-0.6.55-2.el8.i686.rpm accountsservice-devel-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gnome-software-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.i686.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gnome-software-devel-3.36.1-10.el8.i686.rpm gnome-software-devel-3.36.1-10.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-devel-3.32.2-60.el8.i686.rpm mutter-devel-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-13558 https://access.redhat.com/security/cve/CVE-2020-24870 https://access.redhat.com/security/cve/CVE-2020-27918 https://access.redhat.com/security/cve/CVE-2020-29623 https://access.redhat.com/security/cve/CVE-2020-36241 https://access.redhat.com/security/cve/CVE-2021-1765 https://access.redhat.com/security/cve/CVE-2021-1788 https://access.redhat.com/security/cve/CVE-2021-1789 https://access.redhat.com/security/cve/CVE-2021-1799 https://access.redhat.com/security/cve/CVE-2021-1801 https://access.redhat.com/security/cve/CVE-2021-1844 https://access.redhat.com/security/cve/CVE-2021-1870 https://access.redhat.com/security/cve/CVE-2021-1871 https://access.redhat.com/security/cve/CVE-2021-21775 https://access.redhat.com/security/cve/CVE-2021-21779 https://access.redhat.com/security/cve/CVE-2021-21806 https://access.redhat.com/security/cve/CVE-2021-28650 https://access.redhat.com/security/cve/CVE-2021-30663 https://access.redhat.com/security/cve/CVE-2021-30665 https://access.redhat.com/security/cve/CVE-2021-30682 https://access.redhat.com/security/cve/CVE-2021-30689 https://access.redhat.com/security/cve/CVE-2021-30720 https://access.redhat.com/security/cve/CVE-2021-30734 https://access.redhat.com/security/cve/CVE-2021-30744 https://access.redhat.com/security/cve/CVE-2021-30749 https://access.redhat.com/security/cve/CVE-2021-30758 https://access.redhat.com/security/cve/CVE-2021-30795 https://access.redhat.com/security/cve/CVE-2021-30797 https://access.redhat.com/security/cve/CVE-2021-30799 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E awNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3 05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7 sTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7 tEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ w+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD Migcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5 QnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T qji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu SToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb Z6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX 2rgR2Ny0wo4=gfrM -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-05-25-7 tvOS 14.6
tvOS 14.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212532.
Audio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative
Audio Available for: Apple TV 4K and Apple TV HD Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
CoreAudio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga
CVMS Available for: Apple TV 4K and Apple TV HD Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Heimdal Available for: Apple TV 4K and Apple TV HD Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security
Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de)
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher
Kernel Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero
LaunchServices Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan)
Security Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA
WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative
WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. Description: An integer overflow was addressed with improved input validation. CVE-2021-30663: an anonymous researcher
Additional recognition
ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance.
WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance.
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6 jjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p 3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x d1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq 7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf ReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD mIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0 rpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO ZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8 oXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI sulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM dcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0= =BeQR -----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About". CVE-2021-30661: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1315", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.5.1" }, { "model": "iphone os", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.6" }, { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "7.4.1" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.5.3" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.5.1" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.3.1" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-30665" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "162825" }, { "db": "PACKETSTORM", "id": "162448" }, { "db": "PACKETSTORM", "id": "162452" }, { "db": "PACKETSTORM", "id": "162447" }, { "db": "CNNVD", "id": "CNNVD-202105-060" } ], "trust": 1.0 }, "cve": "CVE-2021-30665", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-30665", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-390398", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2021-30665", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-30665", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202105-060", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-390398", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-390398" }, { "db": "CNNVD", "id": "CNNVD-202105-060" }, { "db": "NVD", "id": "CVE-2021-30665" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. A buffer error vulnerability exists in Apple Safari that stems from a bounds error in WebKit. A remote attacker could exploit this vulnerability to execute arbitrary code on the target system. The following products and versions are affected: Apple Safari: 14.0, 14.0.1, 14.0.2, 14.0.3, 14.0.3-14610.4.3.1.7, 14.0.3-15610.4.3.1.7, 14.1. APPLE-SA-2021-05-03-3 watchOS 7.4.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4945-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nJuly 28, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665\n CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\n CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797\n CVE-2021-30799\n\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2021-21775\n\n Marcin Towalski discovered that a specially crafted web page can\n lead to a potential information leak and further memory\n corruption. In order to trigger the vulnerability, a victim must\n be tricked into visiting a malicious webpage. \n\nCVE-2021-21779\n\n Marcin Towalski discovered that a specially crafted web page can\n lead to a potential information leak and further memory\n corruption. In order to trigger the vulnerability, a victim must\n be tricked into visiting a malicious webpage. \n\nCVE-2021-30720\n\n David Schutz discovered that a malicious website may be able to\n access restricted ports on arbitrary servers. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.32.3-1~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: GNOME security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:4381-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4381\nIssue date: 2021-11-09\nCVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918\n CVE-2020-29623 CVE-2020-36241 CVE-2021-1765\n CVE-2021-1788 CVE-2021-1789 CVE-2021-1799\n CVE-2021-1801 CVE-2021-1844 CVE-2021-1870\n CVE-2021-1871 CVE-2021-21775 CVE-2021-21779\n CVE-2021-21806 CVE-2021-28650 CVE-2021-30663\n CVE-2021-30665 CVE-2021-30682 CVE-2021-30689\n CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\n CVE-2021-30749 CVE-2021-30758 CVE-2021-30795\n CVE-2021-30797 CVE-2021-30799\n====================================================================\n1. Summary:\n\nAn update for GNOME is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux. \n\nThe following packages have been upgraded to a later upstream version: gdm\n(40.0), webkit2gtk3 (2.32.3). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nGDM must be restarted for this update to take effect. The GNOME session\nmust be restarted (log out, then log back in) for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time\n1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)\n1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop\n1813727 - Files copied from NFS4 to Desktop can\u0027t be opened\n1854679 - [RFE] Disable left edge gesture\n1873297 - Gnome-software coredumps when run as root in terminal\n1873488 - GTK3 prints errors with overlay scrollbar disabled\n1888404 - Updates page hides ongoing updates on refresh\n1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. \n1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... \n1904139 - Automatic Logout Feature not working\n1905000 - Desktop refresh broken after unlock\n1909300 - gdm isn\u0027t killing the login screen on login after all, should rebase to latest release\n1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot\n1924725 - [Wayland] Double-touch desktop icons fails sometimes\n1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory\n1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp\n1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login\n1937416 - Rebase WebKitGTK to 2.32\n1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]\n1938937 - Mutter: mouse click doesn\u0027t work when using 10-bit graphic monitor [rhel-8.5.0]\n1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)\n1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution\n1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history\n1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation\n1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution\n1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection\n1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation\n1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution\n1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution\n1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution\n1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution\n1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH\n1951086 - Disable the Facebook provider\n1952136 - Disable the Foursquare provider\n1955754 - gnome-session kiosk-session support still isn\u0027t up to muster\n1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide\n1960705 - Vino nonfunctional in FIPS mode\n1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V\n1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens\n1971534 - gnome-shell[2343]: gsignal.c:2642: instance \u00270x5583c61f9280\u0027 has no handler with id \u002723831\u0027\n1972545 - flatpak: Prefer runtime from the same origin as the application\n1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent\n1978505 - Gnome Software development package is missing important header files. \n1978612 - pt_BR translations for \"Register System\" panel\n1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution\n1980661 - \"Screen Lock disabled\" notification appears on first login after disabling gdm and notification pop-up. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nLibRaw-0.19.5-3.el8.src.rpm\naccountsservice-0.6.55-2.el8.src.rpm\ngdm-40.0-15.el8.src.rpm\ngnome-autoar-0.2.3-2.el8.src.rpm\ngnome-calculator-3.28.2-2.el8.src.rpm\ngnome-control-center-3.28.2-28.el8.src.rpm\ngnome-online-accounts-3.28.2-3.el8.src.rpm\ngnome-session-3.28.1-13.el8.src.rpm\ngnome-settings-daemon-3.32.0-16.el8.src.rpm\ngnome-shell-3.32.2-40.el8.src.rpm\ngnome-shell-extensions-3.32.1-20.el8.src.rpm\ngnome-software-3.36.1-10.el8.src.rpm\ngtk3-3.22.30-8.el8.src.rpm\nmutter-3.32.2-60.el8.src.rpm\nvino-3.22.0-11.el8.src.rpm\nwebkit2gtk3-2.32.3-2.el8.src.rpm\n\naarch64:\naccountsservice-0.6.55-2.el8.aarch64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngdm-40.0-15.el8.aarch64.rpm\ngdm-debuginfo-40.0-15.el8.aarch64.rpm\ngdm-debugsource-40.0-15.el8.aarch64.rpm\ngnome-autoar-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm\ngnome-calculator-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm\ngnome-control-center-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm\ngnome-online-accounts-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm\ngnome-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm\ngnome-session-debugsource-3.28.1-13.el8.aarch64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-xsession-3.28.1-13.el8.aarch64.rpm\ngnome-settings-daemon-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm\ngnome-shell-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm\ngnome-software-3.36.1-10.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-3.22.30-8.el8.aarch64.rpm\ngtk3-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-debugsource-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm\nmutter-3.32.2-60.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\nvino-3.22.0-11.el8.aarch64.rpm\nvino-debuginfo-3.22.0-11.el8.aarch64.rpm\nvino-debugsource-3.22.0-11.el8.aarch64.rpm\nwebkit2gtk3-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\n\nnoarch:\ngnome-classic-session-3.32.1-20.el8.noarch.rpm\ngnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm\ngnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-common-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm\n\nppc64le:\nLibRaw-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngdm-40.0-15.el8.ppc64le.rpm\ngdm-debuginfo-40.0-15.el8.ppc64le.rpm\ngdm-debugsource-40.0-15.el8.ppc64le.rpm\ngnome-autoar-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm\ngnome-calculator-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm\ngnome-control-center-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm\ngnome-online-accounts-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm\ngnome-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-xsession-3.28.1-13.el8.ppc64le.rpm\ngnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm\ngnome-shell-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm\ngnome-software-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm\ngtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-3.22.30-8.el8.ppc64le.rpm\ngtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-debugsource-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm\nmutter-3.32.2-60.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\nvino-3.22.0-11.el8.ppc64le.rpm\nvino-debuginfo-3.22.0-11.el8.ppc64le.rpm\nvino-debugsource-3.22.0-11.el8.ppc64le.rpm\nwebkit2gtk3-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\n\ns390x:\naccountsservice-0.6.55-2.el8.s390x.rpm\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngdm-40.0-15.el8.s390x.rpm\ngdm-debuginfo-40.0-15.el8.s390x.rpm\ngdm-debugsource-40.0-15.el8.s390x.rpm\ngnome-autoar-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm\ngnome-calculator-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm\ngnome-control-center-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm\ngnome-online-accounts-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm\ngnome-session-3.28.1-13.el8.s390x.rpm\ngnome-session-debuginfo-3.28.1-13.el8.s390x.rpm\ngnome-session-debugsource-3.28.1-13.el8.s390x.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm\ngnome-session-wayland-session-3.28.1-13.el8.s390x.rpm\ngnome-session-xsession-3.28.1-13.el8.s390x.rpm\ngnome-settings-daemon-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm\ngnome-shell-3.32.2-40.el8.s390x.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm\ngnome-shell-debugsource-3.32.2-40.el8.s390x.rpm\ngnome-software-3.36.1-10.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm\ngtk-update-icon-cache-3.22.30-8.el8.s390x.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-3.22.30-8.el8.s390x.rpm\ngtk3-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-debugsource-3.22.30-8.el8.s390x.rpm\ngtk3-devel-3.22.30-8.el8.s390x.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm\nmutter-3.32.2-60.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\nvino-3.22.0-11.el8.s390x.rpm\nvino-debuginfo-3.22.0-11.el8.s390x.rpm\nvino-debugsource-3.22.0-11.el8.s390x.rpm\nwebkit2gtk3-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm\n\nx86_64:\nLibRaw-0.19.5-3.el8.i686.rpm\nLibRaw-0.19.5-3.el8.x86_64.rpm\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-0.6.55-2.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-0.6.55-2.el8.i686.rpm\naccountsservice-libs-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngdm-40.0-15.el8.i686.rpm\ngdm-40.0-15.el8.x86_64.rpm\ngdm-debuginfo-40.0-15.el8.i686.rpm\ngdm-debuginfo-40.0-15.el8.x86_64.rpm\ngdm-debugsource-40.0-15.el8.i686.rpm\ngdm-debugsource-40.0-15.el8.x86_64.rpm\ngnome-autoar-0.2.3-2.el8.i686.rpm\ngnome-autoar-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.i686.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm\ngnome-calculator-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm\ngnome-control-center-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm\ngnome-online-accounts-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm\ngnome-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm\ngnome-session-debugsource-3.28.1-13.el8.x86_64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-xsession-3.28.1-13.el8.x86_64.rpm\ngnome-settings-daemon-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm\ngnome-shell-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.x86_64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngsettings-desktop-schemas-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-3.22.30-8.el8.i686.rpm\ngtk3-3.22.30-8.el8.x86_64.rpm\ngtk3-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-debugsource-3.22.30-8.el8.i686.rpm\ngtk3-debugsource-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-3.22.30-8.el8.i686.rpm\ngtk3-devel-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm\nmutter-3.32.2-60.el8.i686.rpm\nmutter-3.32.2-60.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\nvino-3.22.0-11.el8.x86_64.rpm\nvino-debuginfo-3.22.0-11.el8.x86_64.rpm\nvino-debugsource-3.22.0-11.el8.x86_64.rpm\nwebkit2gtk3-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ngsettings-desktop-schemas-3.32.0-6.el8.src.rpm\n\naarch64:\ngsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm\n\nppc64le:\ngsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm\n\ns390x:\ngsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm\n\nx86_64:\ngsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 8):\n\naarch64:\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-devel-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngnome-software-devel-3.36.1-10.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-devel-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\n\nppc64le:\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-devel-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-devel-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngnome-software-devel-3.36.1-10.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-devel-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\n\ns390x:\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-devel-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngnome-software-devel-3.36.1-10.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-devel-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\n\nx86_64:\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-devel-0.19.5-3.el8.i686.rpm\nLibRaw-devel-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-devel-0.6.55-2.el8.i686.rpm\naccountsservice-devel-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.i686.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngnome-software-devel-3.36.1-10.el8.i686.rpm\ngnome-software-devel-3.36.1-10.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-devel-3.32.2-60.el8.i686.rpm\nmutter-devel-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-13558\nhttps://access.redhat.com/security/cve/CVE-2020-24870\nhttps://access.redhat.com/security/cve/CVE-2020-27918\nhttps://access.redhat.com/security/cve/CVE-2020-29623\nhttps://access.redhat.com/security/cve/CVE-2020-36241\nhttps://access.redhat.com/security/cve/CVE-2021-1765\nhttps://access.redhat.com/security/cve/CVE-2021-1788\nhttps://access.redhat.com/security/cve/CVE-2021-1789\nhttps://access.redhat.com/security/cve/CVE-2021-1799\nhttps://access.redhat.com/security/cve/CVE-2021-1801\nhttps://access.redhat.com/security/cve/CVE-2021-1844\nhttps://access.redhat.com/security/cve/CVE-2021-1870\nhttps://access.redhat.com/security/cve/CVE-2021-1871\nhttps://access.redhat.com/security/cve/CVE-2021-21775\nhttps://access.redhat.com/security/cve/CVE-2021-21779\nhttps://access.redhat.com/security/cve/CVE-2021-21806\nhttps://access.redhat.com/security/cve/CVE-2021-28650\nhttps://access.redhat.com/security/cve/CVE-2021-30663\nhttps://access.redhat.com/security/cve/CVE-2021-30665\nhttps://access.redhat.com/security/cve/CVE-2021-30682\nhttps://access.redhat.com/security/cve/CVE-2021-30689\nhttps://access.redhat.com/security/cve/CVE-2021-30720\nhttps://access.redhat.com/security/cve/CVE-2021-30734\nhttps://access.redhat.com/security/cve/CVE-2021-30744\nhttps://access.redhat.com/security/cve/CVE-2021-30749\nhttps://access.redhat.com/security/cve/CVE-2021-30758\nhttps://access.redhat.com/security/cve/CVE-2021-30795\nhttps://access.redhat.com/security/cve/CVE-2021-30797\nhttps://access.redhat.com/security/cve/CVE-2021-30799\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E\nawNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3\n05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7\nsTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7\ntEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ\nw+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD\nMigcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5\nQnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T\nqji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu\nSToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb\nZ6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX\n2rgR2Ny0wo4=gfrM\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-05-25-7 tvOS 14.6\n\ntvOS 14.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212532. \n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30707: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro\n\nCoreAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30686: Mickey Jin of Trend Micro\n\nCrash Reporter\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30727: Cees Elzinga\n\nCVMS\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro\n\nHeimdal\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A local user may be able to leak sensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30697: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30710: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of\nBaidu Security\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted ASTC file may disclose\nmemory contents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30705: Ye Zhang of Baidu Security\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30740: Linus Henze (pinauten.de)\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30704: an anonymous researcher\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30715: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2021-30736: Ian Beer of Google Project Zero\n\nLaunchServices\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2021-30677: Ron Waisberg (@epsilan)\n\nSecurity\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue in the ASN.1 decoder was\naddressed by removing the vulnerable code. \nCVE-2021-30665: yangkang (@dnpushme)\u0026zerokeeper\u0026bianliang of 360 ATA\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A cross-origin issue with iframe elements was addressed\nwith improved tracking of security origins. \nCVE-2021-21779: Marcin Towalski of Cisco Talos\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30682: an anonymous researcher and 1lastBr3ath\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,\nASU. working with Trend Micro Zero Day Initiative\nCVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)\nworking with Trend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A logic issue was addressed with improved restrictions. \nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-30663: an anonymous researcher\n\nAdditional recognition\n\nImageIO\nWe would like to acknowledge Jzhu working with Trend Micro Zero Day\nInitiative and an anonymous researcher for their assistance. \n\nWebKit\nWe would like to acknowledge Chris Salls (@salls) of Makai Security\nfor their assistance. \n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6\njjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p\n3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x\nd1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq\n7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf\nReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD\nmIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0\nrpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO\nZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8\noXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI\nsulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM\ndcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0=\n=BeQR\n-----END PGP SIGNATURE-----\n\n\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \nCVE-2021-30661: yangkang (@dnpushme)\u0026zerokeeper\u0026bianliang of 360 ATA\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n=========\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from hybrid\nHTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2021-30665" }, { "db": "VULHUB", "id": "VHN-390398" }, { "db": "VULMON", "id": "CVE-2021-30665" }, { "db": "PACKETSTORM", "id": "169087" }, { "db": "PACKETSTORM", "id": "164872" }, { "db": "PACKETSTORM", "id": "162825" }, { "db": "PACKETSTORM", "id": "162448" }, { "db": "PACKETSTORM", "id": "162452" }, { "db": "PACKETSTORM", "id": "162447" }, { "db": "PACKETSTORM", "id": "165794" } ], "trust": 1.71 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-390398", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-390398" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-30665", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "162825", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165794", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "164872", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162447", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021072711", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050503", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072919", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021080506", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052503", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1795", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0245", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2563", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3779", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2787", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2622", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1501", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-060", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "162452", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162448", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162449", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-390398", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-30665", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169087", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390398" }, { "db": "VULMON", "id": "CVE-2021-30665" }, { "db": "PACKETSTORM", "id": "169087" }, { "db": "PACKETSTORM", "id": "164872" }, { "db": "PACKETSTORM", "id": "162825" }, { "db": "PACKETSTORM", "id": "162448" }, { "db": "PACKETSTORM", "id": "162452" }, { "db": "PACKETSTORM", "id": "162447" }, { "db": "PACKETSTORM", "id": "165794" }, { "db": "CNNVD", "id": "CNNVD-202105-060" }, { "db": "NVD", "id": "CVE-2021-30665" } ] }, "id": "VAR-202109-1315", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-390398" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T21:00:04.069000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple Safari Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149091" }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/apple/apple-fixes-2-ios-zero-day-vulnerabilities-actively-used-in-attacks/" }, { "title": null, "trust": 0.1, "url": "https://www.theregister.co.uk/2021/05/04/in_brief_security/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-30665" }, { "db": "CNNVD", "id": "CNNVD-202105-060" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390398" }, { "db": "NVD", "id": "CVE-2021-30665" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212335" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212336" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212339" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212341" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212532" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-30665" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0245" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021080506" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-macos-two-vulnerabilities-via-webkit-35223" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052503" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162825/apple-security-advisory-2021-05-25-7.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162447/apple-security-advisory-2021-05-03-2.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072711" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3779" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1501" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2622" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2787" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164872/red-hat-security-advisory-2021-4381-05.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-36009" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1795" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212340" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2563" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050503" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072919" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165794/gentoo-linux-security-advisory-202202-01.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734" }, { "trust": 0.4, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.4, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788" }, { "trust": 0.2, "url": "https://www.apple.com/itunes/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666" }, { "trust": 0.1, "url": "http://seclists.org/fulldisclosure/2021/may/7" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/webkit2gtk" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30744" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1765" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21775" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1871" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30734" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4381" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30758" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36241" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1765" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30720" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28650" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24870" }, { "trust": 0.1, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21779" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1789" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30795" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30663" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1788" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27918" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30689" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36241" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30682" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28650" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30715" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30740" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30705" }, { "trust": 0.1, "url": "https://support.apple.com/ht212532." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30697" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30685" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30737" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30707" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30686" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30687" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30677" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30724" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30700" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30701" }, { "trust": 0.1, "url": "https://support.apple.com/ht212336." }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht204641" }, { "trust": 0.1, "url": "https://support.apple.com/ht212339." }, { "trust": 0.1, "url": "https://support.apple.com/ht212341." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2021-0005.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/202202-01" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2021-0004.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2021-0006.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "VULHUB", "id": "VHN-390398" }, { "db": "VULMON", "id": "CVE-2021-30665" }, { "db": "PACKETSTORM", "id": "169087" }, { "db": "PACKETSTORM", "id": "164872" }, { "db": "PACKETSTORM", "id": "162825" }, { "db": "PACKETSTORM", "id": "162448" }, { "db": "PACKETSTORM", "id": "162452" }, { "db": "PACKETSTORM", "id": "162447" }, { "db": "PACKETSTORM", "id": "165794" }, { "db": "CNNVD", "id": "CNNVD-202105-060" }, { "db": "NVD", "id": "CVE-2021-30665" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-390398" }, { "db": "VULMON", "id": "CVE-2021-30665" }, { "db": "PACKETSTORM", "id": "169087" }, { "db": "PACKETSTORM", "id": "164872" }, { "db": "PACKETSTORM", "id": "162825" }, { "db": "PACKETSTORM", "id": "162448" }, { "db": "PACKETSTORM", "id": "162452" }, { "db": "PACKETSTORM", "id": "162447" }, { "db": "PACKETSTORM", "id": "165794" }, { "db": "CNNVD", "id": "CNNVD-202105-060" }, { "db": "NVD", "id": "CVE-2021-30665" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-08T00:00:00", "db": "VULHUB", "id": "VHN-390398" }, { "date": "2021-07-28T19:12:00", "db": "PACKETSTORM", "id": "169087" }, { "date": "2021-11-10T17:09:58", "db": "PACKETSTORM", "id": "164872" }, { "date": "2021-05-26T17:50:13", "db": "PACKETSTORM", "id": "162825" }, { "date": "2021-05-04T16:23:46", "db": "PACKETSTORM", "id": "162448" }, { "date": "2021-05-04T19:16:10", "db": "PACKETSTORM", "id": "162452" }, { "date": "2021-05-04T16:23:31", "db": "PACKETSTORM", "id": "162447" }, { "date": "2022-02-01T17:03:05", "db": "PACKETSTORM", "id": "165794" }, { "date": "2021-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-060" }, { "date": "2021-09-08T15:15:13.507000", "db": "NVD", "id": "CVE-2021-30665" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-03T00:00:00", "db": "VULHUB", "id": "VHN-390398" }, { "date": "2022-05-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-060" }, { "date": "2024-05-16T01:00:02.197000", "db": "NVD", "id": "CVE-2021-30665" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-060" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple tvOS Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-060" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-060" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.