Linux Security

    ArchLinux: 202007-1: webkit2gtk: multiple issues

    Arch Linux Security Advisory ASA-202007-1
    =========================================
    
    Severity: Critical
    Date    : 2020-07-14
    CVE-ID  : CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806
              CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-13753
    Package : webkit2gtk
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1203
    
    Summary
    =======
    
    The package webkit2gtk before version 2.28.3-1 is vulnerable to
    multiple issues including arbitrary code execution, cross-site
    scripting and sandbox escape.
    
    Resolution
    ==========
    
    Upgrade to 2.28.3-1.
    
    # pacman -Syu "webkit2gtk>=2.28.3-1"
    
    The problems have been fixed upstream in version 2.28.3.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-9802 (arbitrary code execution)
    
    A memory corruption issue has been found in WebKitGTK before 2.28.3 and
    WPE WebKit before 2.28.3, where processing maliciously crafted web
    content may lead to arbitrary code execution.
    
    - CVE-2020-9803 (arbitrary code execution)
    
    A memory corruption issue has been found in WebKitGTK before 2.28.3 and
    WPE WebKit before 2.28.3, where processing maliciously crafted web
    content may lead to arbitrary code execution.
    
    - CVE-2020-9805 (cross-site scripting)
    
    A logic issue has been found in WebKitGTK before 2.28.3 and WPE WebKit
    before 2.28.3, where processing maliciously crafted web content may
    lead to universal cross site scripting.
    
    - CVE-2020-9806 (arbitrary code execution)
    
    A memory corruption issue has been found in WebKitGTK before 2.28.3 and
    WPE WebKit before 2.28.3, where processing maliciously crafted web
    content may lead to arbitrary code execution.
    
    - CVE-2020-9807 (arbitrary code execution)
    
    A memory corruption issue has been found in WebKitGTK before 2.28.3 and
    WPE WebKit before 2.28.3, where processing maliciously crafted web
    content may lead to arbitrary code execution.
    
    - CVE-2020-9843 (cross-site scripting)
    
    An issue has been found in WebKitGTK before 2.28.3 and WPE WebKit
    before 2.28.3, where processing maliciously crafted web content may
    lead to a cross site scripting attack.
    
    - CVE-2020-9850 (arbitrary code execution)
    
    A logic issue has been found in WebKitGTK before 2.28.3 and WPE WebKit
    before 2.28.3, allowing a remote attacker to execute arbitrary code.
    
    - CVE-2020-13753 (sandbox escape)
    
    The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3,
    failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl.
    CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal,
    which allows access outside the sandbox. TIOCSTI can be used to
    directly execute commands outside the sandbox by writing to the
    controlling terminal’s input buffer, similar to CVE-2017-5226.
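
    One way to enforce the two rules the description above calls out, as an
    added example that is not code from the Arch advisory, WebKit or
    bubblewrap: a seccomp-BPF filter that answers ioctl(TIOCSTI), and any
    clone() or unshare() requesting CLONE_NEWUSER, with EPERM, followed by
    probes that show the effect before and after the filter is installed.
    The filter layout, the function names, the probe flag combinations and
    the choice of EPERM/ENOSYS are this example's own assumptions; it
    targets 64-bit little-endian Linux (x86_64 or aarch64), where clone()
    takes its flags in argument 0.

```c
/* Added example, not WebKit's or bubblewrap's code: a seccomp-BPF filter that
 * refuses ioctl(TIOCSTI) and any clone()/unshare() asking for CLONE_NEWUSER,
 * plus probes. Assumes 64-bit little-endian Linux (x86_64 or aarch64). */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/sched.h>     /* CLONE_* constants without needing _GNU_SOURCE */
#include <linux/seccomp.h>

#if defined(__x86_64__)
#  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#  error "example assumes x86_64 or aarch64"
#endif
#ifndef __NR_clone3
#  define __NR_clone3 435    /* same number on every architecture */
#endif
/* Offset of the low 32 bits of syscall argument n (little-endian seccomp_data). */
#define ARG_LO(n) (offsetof(struct seccomp_data, args) + (n) * sizeof(__u64))

/* Installs the filter in the calling process; returns 0, or -1 with errno set. */
int install_filter(void)
{
    struct sock_filter code[] = {
        /* 0-2: kill on a foreign ABI; the syscall numbers below are ABI-specific */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 3: A = syscall number */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* 4-7: ioctl: EPERM when the request is TIOCSTI. The kernel reads the
         * request as an unsigned int, so compare only the low word; a filter
         * matching the whole 64-bit argument would let TIOCSTI|1<<32 through. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(1)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 11),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        /* 8-11: clone: EPERM when the flags (argument 0) include CLONE_NEWUSER */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0)),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, CLONE_NEWUSER, 0, 7),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        /* 12-15: unshare: same test on its flags argument */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_unshare, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0)),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, CLONE_NEWUSER, 0, 3),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        /* 16-17: clone3 keeps its flags in a struct BPF cannot read: ENOSYS
         * makes libc fall back to clone(), which is inspected above */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone3, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ENOSYS),
        /* 18: everything else is allowed */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { (unsigned short)(sizeof(code) / sizeof(code[0])), code };
    /* An unprivileged process may only install a filter after no_new_privs. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* errno of a failed raw syscall, 0 if it succeeded. */
static int errno_of(long rc) { return rc == -1 ? errno : 0; }

/* One raw ioctl against a fresh pipe, which is never a tty: ENOTTY means the
 * kernel handled the request, EPERM means the filter refused it first. */
int ioctl_on_pipe(unsigned long request)
{
    int fds[2], e;
    char buf[64] = { '\n' };     /* TIOCSTI consumes one byte; TIOCGWINSZ a winsize */
    if (pipe(fds) != 0) return errno;
    e = errno_of(syscall(__NR_ioctl, fds[0], request, buf));
    close(fds[0]); close(fds[1]);
    return e;
}

/* CLONE_NEWUSER|CLONE_FS is a pair the kernel rejects with EINVAL before it
 * creates anything, so this is safe unfiltered; the filter turns it into EPERM. */
int probe_clone_newuser(void)
{
    return errno_of(syscall(__NR_clone, CLONE_NEWUSER | CLONE_FS, 0, 0, 0, 0));
}

/* CLONE_PTRACE is not a valid unshare() flag: EINVAL unfiltered, EPERM once
 * the filter sees CLONE_NEWUSER among the flags. */
int probe_unshare_newuser(void)
{
    return errno_of(syscall(__NR_unshare, CLONE_NEWUSER | CLONE_PTRACE));
}

int main(void)
{
    printf("unfiltered: TIOCSTI=%d clone=%d\n", ioctl_on_pipe(TIOCSTI), probe_clone_newuser());
    if (install_filter() != 0) { perror("seccomp"); return 1; }
    printf("filtered: TIOCSTI=%d TIOCSTI|1<<32=%d TIOCGWINSZ=%d clone=%d unshare=%d\n",
           ioctl_on_pipe(TIOCSTI), ioctl_on_pipe(TIOCSTI | (1UL << 32)),
           ioctl_on_pipe(TIOCGWINSZ), probe_clone_newuser(), probe_unshare_newuser());
    return 0;
}
```

    Compile with any C compiler and run unprivileged; the numbers printed
    are errno values (25 ENOTTY, 22 EINVAL, 1 EPERM). The probes deliberately
    use a pipe rather than the controlling terminal: an unfiltered TIOCSTI
    on a real tty would inject the byte into the terminal's input queue,
    which is exactly the behaviour the advisory describes. Three details
    matter for a filter like this to hold: the ioctl request is compared on
    its low 32 bits only, because that is all the kernel looks at; clone3 is
    answered with ENOSYS rather than allowed, since its flags live in a
    struct the filter cannot inspect; and the filter is keyed on the audit
    architecture so syscall numbers from a foreign ABI are never matched.
    Inside a container whose runtime already blocks user namespaces, the
    clone and unshare probes will report EPERM even before the filter is
    installed.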
    
    Impact
    ======
    
    A remote attacker might be able to trigger cross-site scripting, bypass
    the sandbox and execute arbitrary code on the affected host.
    
    References
    ==========
    
    https://webkitgtk.org/security/WSA-2020-0006.html
    https://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9802
    https://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9803
    https://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9805
    https://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9806
    https://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9807
    https://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9843
    https://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9850
    https://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-13753
    https://security.archlinux.org/CVE-2020-9802
    https://security.archlinux.org/CVE-2020-9803
    https://security.archlinux.org/CVE-2020-9805
    https://security.archlinux.org/CVE-2020-9806
    https://security.archlinux.org/CVE-2020-9807
    https://security.archlinux.org/CVE-2020-9843
    https://security.archlinux.org/CVE-2020-9850
    https://security.archlinux.org/CVE-2020-13753
    
