====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN186
_____________________________________________________________________

DATE                : 30/03/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running WebKitGTK, WPE WebKit versions
                                     prior to 2.32.0.

=====================================================================
https://webkitgtk.org/security/WSA-2021-0003.html
_____________________________________________________________________

WebKitGTK and WPE WebKit Security Advisory WSA-2021-0003

    Date Reported: March 29, 2021

    Advisory ID: WSA-2021-0003

    CVE identifiers: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

    CVE-2021-1788
        Versions affected: WebKitGTK before 2.32.0 and WPE WebKit before
         2.32.0.
        Credit to Francisco Alonso (@revskills).
        Impact: Processing maliciously crafted web content may lead to
         arbitrary code execution. Description: A use after free issue
         was addressed with improved memory management.
    CVE-2021-1844
        Versions affected: WebKitGTK before 2.32.0 and WPE WebKit before
         2.32.0.
        Credit to Clément Lecigne of Google’s Threat Analysis Group,
         Alison Huffman of Microsoft Browser Vulnerability Research.
        Impact: Processing maliciously crafted web content may lead to
         arbitrary code execution. Description: A memory corruption
         issue was addressed with improved validation.
    CVE-2021-1871
        Versions affected: WebKitGTK before 2.32.0 and WPE WebKit before
         2.32.0.
        Credit to an anonymous researcher.
        Impact: A remote attacker may be able to cause arbitrary code
         execution. Apple is aware of a report that this issue may have
         been actively exploited. Description: A logic issue was
         addressed with improved restrictions.

We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.

Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================