MGASA-2019-0281

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2019-0281.html
Import Source
https://advisories.mageia.org/MGASA-2019-0281.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2019-0281
Related
Published
2019-09-15T14:45:31Z
Modified
2019-09-15T13:49:46Z
Summary
Updated webkit2 packages fix security vulnerabilities
Details

Updated webkit2 packages fix security vulnerabilities:

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644).

Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management (CVE-2019-8649).

Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved state management (CVE-2019-8658).

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689).

Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue existed in the handling of document loads. This issue was addressed with improved state management (CVE-2019-8690).

For other fixes in this update, see the referenced release links.

References
Credits

Affected packages

Mageia:7 / webkit2

Package

Name
webkit2
Purl
pkg:rpm/mageia/webkit2?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.24.4-1.mga7

Ecosystem specific 

{
    "section": "core"
}