{"id":"RLSA-2021:4381","summary":"Moderate: GNOME security, bug fix, and enhancement update","details":"GNOME is the default desktop environment of Rocky Linux.\n\nThe following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)\n\n* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)\n\n* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n* webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)\n\n* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)\n\n* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)\n\n* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)\n\n* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n* webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n* webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n* webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n* webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)\n\n* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)\n\n* webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)\n\n* webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)\n\n* webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.","modified":"2026-02-04T10:00:03.101377Z","published":"2021-11-09T09:15:15Z","upstream":["CVE-2020-13558","CVE-2020-24870","CVE-2020-27918","CVE-2020-29623","CVE-2020-36241","CVE-2021-1765","CVE-2021-1788","CVE-2021-1789","CVE-2021-1799","CVE-2021-1801","CVE-2021-1844","CVE-2021-1870","CVE-2021-1871","CVE-2021-21775","CVE-2021-21779","CVE-2021-21806","CVE-2021-28650","CVE-2021-30663","CVE-2021-30665","CVE-2021-30682","CVE-2021-30689","CVE-2021-30720","CVE-2021-30734","CVE-2021-30744","CVE-2021-30749","CVE-2021-30758","CVE-2021-30795","CVE-2021-30797","CVE-2021-30799"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2021:4381"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1651378"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1770302"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791478"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1813727"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1854679"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1873297"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1873488"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888404"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1894613"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1897932"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1904139"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905000"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909300"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914925"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924725"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925640"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928794"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928886"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1935261"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1937416"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1937866"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1938937"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1940026"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944323"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944329"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944333"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944337"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944340"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944343"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944350"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944859"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944862"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944867"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949176"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1951086"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1952136"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1955754"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957705"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1960705"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1962049"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1971507"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1971534"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1972545"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978287"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978505"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978612"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980441"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980661"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981420"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986863"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986866"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986872"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986874"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986879"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986881"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986883"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986886"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986888"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986890"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986892"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986900"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986902"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1986906"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1987233"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1989035"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1998989"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999120"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2004170"}],"affected":[{"package":{"name":"accountsservice","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/accountsservice?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.6.55-2.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gdm","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gdm?distro=rocky-linux-8-5-legacy&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:40.0-15.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-autoar","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-autoar?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.2.3-2.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-calculator","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-calculator?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.28.2-2.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-control-center","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-control-center?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.28.2-28.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-online-accounts","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-online-accounts?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.28.2-3.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-session","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-session?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.28.1-13.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-settings-daemon","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-settings-daemon?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.32.0-16.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-settings-daemon","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-settings-daemon?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.32.0-16.el8_6.1"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-shell","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-shell?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.32.2-40.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-shell-extensions","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-shell-extensions?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.32.1-20.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gnome-software","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gnome-software?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.36.1-10.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gsettings-desktop-schemas","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gsettings-desktop-schemas?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.32.0-6.el8"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"gtk3","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/gtk3?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.22.30-8.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"LibRaw","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/LibRaw?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.19.5-3.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"mutter","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mutter?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.32.2-60.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"vino","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/vino?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.22.0-11.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}},{"package":{"name":"webkit2gtk3","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/webkit2gtk3?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.32.3-2.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:4381.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}