Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[ GLSA 202003-22 ] WebkitGTK+
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663
PostPosted: Sun Mar 15, 2020 9:26 am    Post subject: [ GLSA 202003-22 ] WebkitGTK+ Reply with quote
Gentoo Linux Security Advisory

Title: WebkitGTK+: Multiple vulnerabilities (GLSA 202003-22)
Severity: normal
Exploitable: remote
Date: 2020-03-15
Bug(s): #699156, #706374, #709612
ID: 202003-22

Synopsis

Multiple vulnerabilities have been found in WebKitGTK+, the worst
of which may lead to arbitrary code execution.


Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.


Affected Packages

Package: net-libs/webkit-gtk
Vulnerable: < 2.26.4
Unaffected: >= 2.26.4
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.


Impact

A remote attacker could execute arbitrary code, cause a Denial of
Service condition, bypass intended memory-read restrictions, conduct a
timing side-channel attack to bypass the Same Origin Policy or obtain
sensitive information.


Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4"
   


References

CVE-2019-8625
CVE-2019-8674
CVE-2019-8707
CVE-2019-8710
CVE-2019-8719
CVE-2019-8720
CVE-2019-8726
CVE-2019-8733
CVE-2019-8735
CVE-2019-8743
CVE-2019-8763
CVE-2019-8764
CVE-2019-8765
CVE-2019-8766
CVE-2019-8768
CVE-2019-8769
CVE-2019-8771
CVE-2019-8782
CVE-2019-8783
CVE-2019-8808
CVE-2019-8811
CVE-2019-8812
CVE-2019-8813
CVE-2019-8814
CVE-2019-8815
CVE-2019-8816
CVE-2019-8819
CVE-2019-8820
CVE-2019-8821
CVE-2019-8822
CVE-2019-8823
CVE-2019-8835
CVE-2019-8844
CVE-2019-8846
CVE-2020-3862
CVE-2020-3864
CVE-2020-3865
CVE-2020-3867
CVE-2020-3868
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy