webkit2gtk is vulnerable to privilege escalation. The vulnerability exists due to a VFS syscalls that manipulate its filesystem namespace that allows an attacker to escalate its privilege.
www.openwall.com/lists/oss-security/2021/10/26/9
www.openwall.com/lists/oss-security/2021/10/27/1
www.openwall.com/lists/oss-security/2021/10/27/2
www.openwall.com/lists/oss-security/2021/10/27/4
bugs.webkit.org/show_bug.cgi?id=231479
github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
lists.fedoraproject.org/archives/list/[email protected]/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/
lists.fedoraproject.org/archives/list/[email protected]/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/
lists.fedoraproject.org/archives/list/[email protected]/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/
secdb.alpinelinux.org/edge/community.yaml
www.debian.org/security/2021/dsa-4995
www.debian.org/security/2021/dsa-4996