ArchLinux: 201909-1: webkit2gtk: multiple issues

    Date: 11 Sep 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package webkit2gtk before version 2.24.4-1 is vulnerable to multiple issues including arbitrary code execution and cross-site scripting.
    Arch Linux Security Advisory ASA-201909-1
    =========================================
    
    Severity: Critical
    Date    : 2019-09-04
    CVE-ID  : CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8669
              CVE-2019-8678 CVE-2019-8680 CVE-2019-8683 CVE-2019-8684
              CVE-2019-8688
    Package : webkit2gtk
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1033
    
    Summary
    =======
    
    The package webkit2gtk before version 2.24.4-1 is vulnerable to
    multiple issues including arbitrary code execution and cross-site
    scripting.
    
    Resolution
    ==========
    
    Upgrade to 2.24.4-1.
    
    # pacman -Syu "webkit2gtk>=2.24.4-1"
    
    The problems have been fixed upstream in version 2.24.4.
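
To confirm a host is no longer affected after the upgrade, the installed package version can be compared against the fixed version 2.24.4-1. The script below is an added example, not part of the advisory; the names `ver_lt` and `check_webkit2gtk` are made up here, and the awk fallback (used only where pacman's `vercmp` is absent) is a numeric-only approximation that ignores epochs.

```shell
#!/bin/sh
# Fixed version as stated in ASA-201909-1.
FIXED="2.24.4-1"

# ver_lt A B: succeed when version A sorts strictly before version B.
# Prefers pacman's own vercmp; otherwise compares the dot/dash separated
# fields numerically (approximation: no epochs, no alphabetic suffixes).
ver_lt() {
    if [ "$1" = "$2" ]; then
        return 1
    fi
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        awk -v a="$1" -v b="$2" 'BEGIN {
            n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
            for (i = 1; i <= (n > m ? n : m); i++) {
                if ((x[i] + 0) < (y[i] + 0)) exit 0
                if ((x[i] + 0) > (y[i] + 0)) exit 1
            }
            exit 1
        }'
    fi
}

# check_webkit2gtk [VERSION]: print "vulnerable", "patched" or
# "not-installed". With no argument, the version is read from pacman -Q.
check_webkit2gtk() {
    ver="${1:-}"
    if [ -z "$ver" ]; then
        ver="$(pacman -Q webkit2gtk 2>/dev/null | awk '{print $2}')"
    fi
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif ver_lt "$ver" "$FIXED"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}
```

Calling `check_webkit2gtk` with no argument inspects the local host; passing a version string classifies an inventory entry collected elsewhere.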
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-8644 (arbitrary code execution)
    
    An issue has been found in WebKitGTK before 2.24.4 where processing
    maliciously crafted web content may lead to arbitrary code execution.
    
    - CVE-2019-8649 (cross-site scripting)
    
    An issue has been found in WebKitGTK before 2.24.4 where processing
    maliciously crafted web content may lead to universal cross site
    scripting.
    
    - CVE-2019-8658 (cross-site scripting)
    
    An issue has been found in WebKitGTK before 2.24.4 where processing
    maliciously crafted web content may lead to universal cross site
    scripting.
    
    - CVE-2019-8669 (arbitrary code execution)
    
    An issue has been found in WebKitGTK before 2.24.4 where processing
    maliciously crafted web content may lead to arbitrary code execution.
    
    - CVE-2019-8678 (arbitrary code execution)
    
    An issue has been found in WebKitGTK before 2.24.4 where processing
    maliciously crafted web content may lead to arbitrary code execution.
    
    - CVE-2019-8680 (arbitrary code execution)
    
    An issue has been found in WebKitGTK before 2.24.4 where processing
    maliciously crafted web content may lead to arbitrary code execution.
    
    - CVE-2019-8683 (arbitrary code execution)
    
    An issue has been found in WebKitGTK before 2.24.4 where processing
    maliciously crafted web content may lead to arbitrary code execution.
    
    - CVE-2019-8684 (arbitrary code execution)
    
    An issue has been found in WebKitGTK before 2.24.4 where processing
    maliciously crafted web content may lead to arbitrary code execution.
    
    - CVE-2019-8688 (arbitrary code execution)
    
    An issue has been found in WebKitGTK before 2.24.4 where processing
    maliciously crafted web content may lead to arbitrary code execution.
    
    Impact
    ======
    
    A remote attacker can bypass security restrictions via universal cross-
    site scripting or execute arbitrary code via crafted web content.
    
    References
    ==========
    
    https://webkitgtk.org/security/WSA-2019-0004.html
    https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8644
    https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8649
    https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8658
    https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8669
    https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8678
    https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8680
    https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8683
    https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8684
    https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8688
    https://security.archlinux.org/CVE-2019-8644
    https://security.archlinux.org/CVE-2019-8649
    https://security.archlinux.org/CVE-2019-8658
    https://security.archlinux.org/CVE-2019-8669
    https://security.archlinux.org/CVE-2019-8678
    https://security.archlinux.org/CVE-2019-8680
    https://security.archlinux.org/CVE-2019-8683
    https://security.archlinux.org/CVE-2019-8684
    https://security.archlinux.org/CVE-2019-8688
    