Updated webkit2 packages fix security vulnerability
Publication date: 18 Feb 2020Modification date: 18 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-3862 , CVE-2020-3864 , CVE-2020-3865 , CVE-2020-3867 , CVE-2020-3868
Description
webkit2 packages have been updated to 2.26.4 and fixed the followin
security vulnerabilities:
A malicious website may be able to cause a denial of service
(CVE-2020-3862).
A DOM object context may not have had a unique security origin
(CVE-2020-3864).
A top-level DOM object context may have incorrectly been considered
secure (CVE-2020-3865).
Processing maliciously crafted web content may lead to universal cross
site scripting (CVE-2020-3867).
Processing maliciously crafted web content may lead to arbitrary code
execution (CVE-2020-3868).
References
- https://bugs.mageia.org/show_bug.cgi?id=26197
- https://webkitgtk.org/2020/02/14/webkitgtk2.26.4-released.html
- https://webkitgtk.org/security/WSA-2020-0002.html
- https://www.openwall.com/lists/oss-security/2020/02/14/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868
SRPMS
7/core
- webkit2-2.26.4-1.mga7