ArchLinux: 202011-28: webkit2gtk: arbitrary code execution
Summary
- CVE-2020-9983 (arbitrary code execution)
An out-of-bounds write issue was found in webkit2gtk before 2.30.3.
Processing maliciously crafted web content may have led to code
execution.
- CVE-2020-13543 (arbitrary code execution)
A use after free issue was found in webkit2gtk before 2.30.3.
Processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2020-13584 (arbitrary code execution)
A use after free issue was found in webkit2gtk before 2.30.3.
Processing maliciously crafted web content may have led to arbitrary
code execution.
Resolution
Upgrade to 2.30.3-1.
# pacman -Syu "webkit2gtk>=2.30.3-1"
The problems have been fixed upstream in version 2.30.3.
References
https://webkitgtk.org/security/WSA-2020-0008.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9983
https://webkitgtk.org/security/WSA-2020-0009.html#CVE-2020-13543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13584
https://security.archlinux.org/CVE-2020-9983
https://security.archlinux.org/CVE-2020-13543
https://security.archlinux.org/CVE-2020-13584
Workaround
None.