CVE-2020-13753

NameCVE-2020-13753
DescriptionThe bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4724-1
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
webkit2gtk (PTS)stretch2.18.6-1~deb9u1vulnerable
buster, buster (security)2.28.4-1~deb10u1fixed
bullseye, sid2.30.1-1fixed
wpewebkit (PTS)bullseye, sid2.30.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
webkit2gtksourcebuster2.28.3-2~deb10u1DSA-4724-1
webkit2gtksource(unstable)2.28.3-1
wpewebkitsource(unstable)2.28.3-1

Notes

[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
https://webkitgtk.org/security/WSA-2020-0006.html

Search for package or bug name: Reporting problems