ArchLinux: 201902-17: webkit2gtk: arbitrary code execution
Summary
- CVE-2019-6212 (arbitrary code execution)
Multiple memory corruption issues have been found in WebKitGTK+ before
2.22.6, where processing maliciously crafted web content may lead to
arbitrary code execution.
- CVE-2019-6215 (arbitrary code execution)
A type confusion issue has been found in WebKitGTK+ before 2.22.6,
where processing maliciously crafted web content may lead to arbitrary
code execution.
Resolution
Upgrade to 2.22.6-1.
# pacman -Syu "webkit2gtk>=2.22.6-1"
The problems have been fixed upstream in version 2.22.6.
References
https://webkitgtk.org/security/WSA-2019-0001.html
https://webkitgtk.org/security/WSA-2019-0001.html#CVE-2019-6212
https://webkitgtk.org/security/WSA-2019-0001.html#CVE-2019-6215
https://security.archlinux.org/CVE-2019-6212
https://security.archlinux.org/CVE-2019-6215
Workaround
None.