ArchLinux: 201905-10: webkit2gtk: multiple issues
Summary
- CVE-2019-8595 (arbitrary code execution)
Multiple memory corruption issues have been found in WebKitGTK before
2.24.2, where processing maliciously crafted web content may lead to
arbitrary code execution.
- CVE-2019-8607 (information disclosure)
An out-of-bounds read has been found in WebKitGTK before 2.24.2, where
processing maliciously crafted web content may result in the disclosure
of process memory.
- CVE-2019-8615 (arbitrary code execution)
Multiple memory corruption issues have been found in WebKitGTK before
2.24.2, where processing maliciously crafted web content may lead to
arbitrary code execution.
Resolution
Upgrade to 2.24.2-1.
# pacman -Syu "webkit2gtk>=2.24.2-1"
The problems have been fixed upstream in version 2.24.2.
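Added example (not part of the advisory): a shell check that the installed webkit2gtk is at or above the fixed version 2.24.2-1 and that no running process still maps the pre-upgrade library, since applications embedding WebKitGTK keep the old code loaded until they are restarted. The function names are hypothetical, and the sort -V fallback assumes GNU sort and a version string without an epoch.

```shell
#!/bin/sh
# Post-upgrade check for this advisory (added example, not Arch's own tooling).
FIXED="2.24.2-1"   # fixed version, taken from the advisory

# is_fixed INSTALLED: succeed if INSTALLED >= FIXED.
# Uses pacman's vercmp when present; otherwise falls back to sort -V
# (assumption: GNU sort, no epoch in the version string).
is_fixed() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$FIXED")" -ge 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$FIXED" ]
    fi
}

# maps_has_stale_webkit FILE: succeed if a /proc/PID/maps-style file shows a
# WebKitGTK or JavaScriptCore library that was replaced on disk ("(deleted)").
maps_has_stale_webkit() {
    grep -Eq 'lib(webkit2gtk|javascriptcoregtk)-[^ ]*\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# stale_pids: print PIDs that still run the pre-upgrade library.
stale_pids() {
    for maps in /proc/[0-9]*/maps; do
        if maps_has_stale_webkit "$maps"; then
            pid=${maps#/proc/}
            echo "${pid%/maps}"
        fi
    done
}

# report: run both checks on the local machine.
report() {
    installed=$(pacman -Q webkit2gtk 2>/dev/null | awk '{print $2}')
    [ -n "$installed" ] || { echo "webkit2gtk not installed"; return 0; }
    if is_fixed "$installed"; then
        echo "webkit2gtk $installed: fixed"
    else
        echo "webkit2gtk $installed: vulnerable, upgrade needed"
    fi
    for pid in $(stale_pids); do
        echo "PID $pid still maps the old library; restart it"
    done
}

if [ "${1:-}" = "--report" ]; then report; fi
```

Run it with --report as root so that the maps files of other users' processes are readable.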
References
https://webkitgtk.org/security/WSA-2019-0003.html
https://webkitgtk.org/security/WSA-2019-0003.html#CVE-2019-8595
https://webkitgtk.org/security/WSA-2019-0003.html#CVE-2019-8607
https://webkitgtk.org/security/WSA-2019-0003.html#CVE-2019-8615
https://security.archlinux.org/CVE-2019-8595
https://security.archlinux.org/CVE-2019-8607
https://security.archlinux.org/CVE-2019-8615
Workaround
None.