Updated webkit2 packages fix security vulnerabilities
Publication date: 15 Sep 2019Modification date: 15 Sep 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-8644 , CVE-2019-8649 , CVE-2019-8658 , CVE-2019-8666 , CVE-2019-8669 , CVE-2019-8671 , CVE-2019-8672 , CVE-2019-8673 , CVE-2019-8676 , CVE-2019-8677 , CVE-2019-8678 , CVE-2019-8679 , CVE-2019-8680 , CVE-2019-8681 , CVE-2019-8683 , CVE-2019-8684 , CVE-2019-8686 , CVE-2019-8687 , CVE-2019-8688 , CVE-2019-8689 , CVE-2019-8690
Description
Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644). Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management (CVE-2019-8649). Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved state management (CVE-2019-8658). Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689). Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue existed in the handling of document loads. This issue was addressed with improved state management (CVE-2019-8690). For other fixes in this update, see the referenced release links.
References
- https://bugs.mageia.org/show_bug.cgi?id=25377
- https://webkitgtk.org/security/WSA-2019-0004.html
- https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html
- https://webkitgtk.org/2019/08/28/webkitgtk2.24.4-released.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8644
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8649
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8658
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8666
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8669
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8671
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8672
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8673
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8676
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8677
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8678
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8679
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8680
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8681
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8683
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8684
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8686
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8687
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8688
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8689
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8690
SRPMS
7/core
- webkit2-2.24.4-1.mga7