ArchLinux: 202002-7: webkit2gtk: arbitrary code execution
Summary
- CVE-2019-8835 (arbitrary code execution)
Multiple memory corruption issues have been found in WebKitGTK before
2.26.3, where processing maliciously crafted web content may lead to
arbitrary code execution.
- CVE-2019-8844 (arbitrary code execution)
Multiple memory corruption issues have been found in WebKitGTK before
2.26.3, where processing maliciously crafted web content may lead to
arbitrary code execution.
- CVE-2019-8846 (arbitrary code execution)
Multiple memory corruption issues have been found in WebKitGTK before
2.26.3, where processing maliciously crafted web content may lead to
arbitrary code execution.
Resolution
Upgrade to 2.26.3-1.
# pacman -Syu "webkit2gtk>=2.26.3-1"
The problems have been fixed upstream in version 2.26.3.
References
https://webkitgtk.org/security/WSA-2020-0001.html
https://webkitgtk.org/security/WSA-2020-0001.html#CVE-2019-8835
https://webkitgtk.org/security/WSA-2020-0001.html#CVE-2019-8844
https://webkitgtk.org/security/WSA-2020-0001.html#CVE-2019-8846
https://security.archlinux.org/CVE-2019-8835
https://security.archlinux.org/CVE-2019-8844
https://security.archlinux.org/CVE-2019-8846
Workaround
None.