Advisories ยป MGASA-2020-0092

Updated webkit2 packages fix security vulnerability

Publication date: 18 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-3862 , CVE-2020-3864 , CVE-2020-3865 , CVE-2020-3867 , CVE-2020-3868

Description

webkit2 packages have been updated to 2.26.4 and fixed the followin
security vulnerabilities:

A malicious website may be able to cause a denial of service
(CVE-2020-3862).

A DOM object context may not have had a unique security origin
(CVE-2020-3864).

A top-level DOM object context may have incorrectly been considered
secure (CVE-2020-3865).

Processing maliciously crafted web content may lead to universal cross
site scripting (CVE-2020-3867).

Processing maliciously crafted web content may lead to arbitrary code
 execution (CVE-2020-3868).
                

References

SRPMS

7/core