- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: WebkitGTK+: Multiple vulnerabilities
     Date: September 06, 2019
     Bugs: #683234, #686216, #693122
       ID: 201909-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.

Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk          < 2.24.4                  >= 2.24.4

Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
=====
An attacker, by enticing a user to visit maliciously crafted web
content, may be able to execute arbitrary code or cause memory
corruption.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4"

References
=========
[  1 ] CVE-2019-11070
       https://nvd.nist.gov/vuln/detail/CVE-2019-11070
[  2 ] CVE-2019-6201
       https://nvd.nist.gov/vuln/detail/CVE-2019-6201
[  3 ] CVE-2019-6251
       https://nvd.nist.gov/vuln/detail/CVE-2019-6251
[  4 ] CVE-2019-7285
       https://nvd.nist.gov/vuln/detail/CVE-2019-7285
[  5 ] CVE-2019-7292
       https://nvd.nist.gov/vuln/detail/CVE-2019-7292
[  6 ] CVE-2019-8503
       https://nvd.nist.gov/vuln/detail/CVE-2019-8503
[  7 ] CVE-2019-8506
       https://nvd.nist.gov/vuln/detail/CVE-2019-8506
[  8 ] CVE-2019-8515
       https://nvd.nist.gov/vuln/detail/CVE-2019-8515
[  9 ] CVE-2019-8518
       https://nvd.nist.gov/vuln/detail/CVE-2019-8518
[ 10 ] CVE-2019-8523
       https://nvd.nist.gov/vuln/detail/CVE-2019-8523
[ 11 ] CVE-2019-8524
       https://nvd.nist.gov/vuln/detail/CVE-2019-8524
[ 12 ] CVE-2019-8535
       https://nvd.nist.gov/vuln/detail/CVE-2019-8535
[ 13 ] CVE-2019-8536
       https://nvd.nist.gov/vuln/detail/CVE-2019-8536
[ 14 ] CVE-2019-8544
       https://nvd.nist.gov/vuln/detail/CVE-2019-8544
[ 15 ] CVE-2019-8551
       https://nvd.nist.gov/vuln/detail/CVE-2019-8551
[ 16 ] CVE-2019-8558
       https://nvd.nist.gov/vuln/detail/CVE-2019-8558
[ 17 ] CVE-2019-8559
       https://nvd.nist.gov/vuln/detail/CVE-2019-8559
[ 18 ] CVE-2019-8563
       https://nvd.nist.gov/vuln/detail/CVE-2019-8563
[ 19 ] CVE-2019-8595
       https://nvd.nist.gov/vuln/detail/CVE-2019-8595
[ 20 ] CVE-2019-8607
       https://nvd.nist.gov/vuln/detail/CVE-2019-8607
[ 21 ] CVE-2019-8615
       https://nvd.nist.gov/vuln/detail/CVE-2019-8615
[ 22 ] CVE-2019-8644
       https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 23 ] CVE-2019-8644
       https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 24 ] CVE-2019-8649
       https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 25 ] CVE-2019-8649
       https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 26 ] CVE-2019-8658
       https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 27 ] CVE-2019-8658
       https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 28 ] CVE-2019-8666
       https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 29 ] CVE-2019-8666
       https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 30 ] CVE-2019-8669
       https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 31 ] CVE-2019-8669
       https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 32 ] CVE-2019-8671
       https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 33 ] CVE-2019-8671
       https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 34 ] CVE-2019-8672
       https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 35 ] CVE-2019-8672
       https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 36 ] CVE-2019-8673
       https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 37 ] CVE-2019-8673
       https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 38 ] CVE-2019-8676
       https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 39 ] CVE-2019-8676
       https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 40 ] CVE-2019-8677
       https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 41 ] CVE-2019-8677
       https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 42 ] CVE-2019-8678
       https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 43 ] CVE-2019-8678
       https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 44 ] CVE-2019-8679
       https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 45 ] CVE-2019-8679
       https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 46 ] CVE-2019-8680
       https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 47 ] CVE-2019-8680
       https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 48 ] CVE-2019-8681
       https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 49 ] CVE-2019-8681
       https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 50 ] CVE-2019-8683
       https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 51 ] CVE-2019-8683
       https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 52 ] CVE-2019-8684
       https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 53 ] CVE-2019-8684
       https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 54 ] CVE-2019-8686
       https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 55 ] CVE-2019-8686
       https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 56 ] CVE-2019-8687
       https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 57 ] CVE-2019-8687
       https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 58 ] CVE-2019-8688
       https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 59 ] CVE-2019-8688
       https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 60 ] CVE-2019-8689
       https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 61 ] CVE-2019-8689
       https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 62 ] CVE-2019-8690
       https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 63 ] CVE-2019-8690
       https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 64 ] WSA-2019-0002
       https://webkitgtk.org/security/WSA-2019-0002.html
[ 65 ] WSA-2019-0004
       https://webkitgtk.org/security/WSA-2019-0004.html

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201909-05

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201909-05: WebkitGTK+: Multiple vulnerabilities

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Summary

Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.

Resolution

All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4"

References

[ 1 ] CVE-2019-11070 https://nvd.nist.gov/vuln/detail/CVE-2019-11070 [ 2 ] CVE-2019-6201 https://nvd.nist.gov/vuln/detail/CVE-2019-6201 [ 3 ] CVE-2019-6251 https://nvd.nist.gov/vuln/detail/CVE-2019-6251 [ 4 ] CVE-2019-7285 https://nvd.nist.gov/vuln/detail/CVE-2019-7285 [ 5 ] CVE-2019-7292 https://nvd.nist.gov/vuln/detail/CVE-2019-7292 [ 6 ] CVE-2019-8503 https://nvd.nist.gov/vuln/detail/CVE-2019-8503 [ 7 ] CVE-2019-8506 https://nvd.nist.gov/vuln/detail/CVE-2019-8506 [ 8 ] CVE-2019-8515 https://nvd.nist.gov/vuln/detail/CVE-2019-8515 [ 9 ] CVE-2019-8518 https://nvd.nist.gov/vuln/detail/CVE-2019-8518 [ 10 ] CVE-2019-8523 https://nvd.nist.gov/vuln/detail/CVE-2019-8523 [ 11 ] CVE-2019-8524 https://nvd.nist.gov/vuln/detail/CVE-2019-8524 [ 12 ] CVE-2019-8535 https://nvd.nist.gov/vuln/detail/CVE-2019-8535 [ 13 ] CVE-2019-8536 https://nvd.nist.gov/vuln/detail/CVE-2019-8536 [ 14 ] CVE-2019-8544 https://nvd.nist.gov/vuln/detail/CVE-2019-8544 [ 15 ] CVE-2019-8551 https://nvd.nist.gov/vuln/detail/CVE-2019-8551 [ 16 ] CVE-2019-8558 https://nvd.nist.gov/vuln/detail/CVE-2019-8558 [ 17 ] CVE-2019-8559 https://nvd.nist.gov/vuln/detail/CVE-2019-8559 [ 18 ] CVE-2019-8563 https://nvd.nist.gov/vuln/detail/CVE-2019-8563 [ 19 ] CVE-2019-8595 https://nvd.nist.gov/vuln/detail/CVE-2019-8595 [ 20 ] CVE-2019-8607 https://nvd.nist.gov/vuln/detail/CVE-2019-8607 [ 21 ] CVE-2019-8615 https://nvd.nist.gov/vuln/detail/CVE-2019-8615 [ 22 ] CVE-2019-8644 https://nvd.nist.gov/vuln/detail/CVE-2019-8644 [ 23 ] CVE-2019-8644 https://nvd.nist.gov/vuln/detail/CVE-2019-8644 [ 24 ] CVE-2019-8649 https://nvd.nist.gov/vuln/detail/CVE-2019-8649 [ 25 ] CVE-2019-8649 https://nvd.nist.gov/vuln/detail/CVE-2019-8649 [ 26 ] CVE-2019-8658 https://nvd.nist.gov/vuln/detail/CVE-2019-8658 [ 27 ] CVE-2019-8658 https://nvd.nist.gov/vuln/detail/CVE-2019-8658 [ 28 ] CVE-2019-8666 https://nvd.nist.gov/vuln/detail/CVE-2019-8666 [ 29 ] CVE-2019-8666 https://nvd.nist.gov/vuln/detail/CVE-2019-8666 [ 30 ] CVE-2019-8669 https://nvd.nist.gov/vuln/detail/CVE-2019-8669 [ 31 ] CVE-2019-8669 https://nvd.nist.gov/vuln/detail/CVE-2019-8669 [ 32 ] CVE-2019-8671 https://nvd.nist.gov/vuln/detail/CVE-2019-8671 [ 33 ] CVE-2019-8671 https://nvd.nist.gov/vuln/detail/CVE-2019-8671 [ 34 ] CVE-2019-8672 https://nvd.nist.gov/vuln/detail/CVE-2019-8672 [ 35 ] CVE-2019-8672 https://nvd.nist.gov/vuln/detail/CVE-2019-8672 [ 36 ] CVE-2019-8673 https://nvd.nist.gov/vuln/detail/CVE-2019-8673 [ 37 ] CVE-2019-8673 https://nvd.nist.gov/vuln/detail/CVE-2019-8673 [ 38 ] CVE-2019-8676 https://nvd.nist.gov/vuln/detail/CVE-2019-8676 [ 39 ] CVE-2019-8676 https://nvd.nist.gov/vuln/detail/CVE-2019-8676 [ 40 ] CVE-2019-8677 https://nvd.nist.gov/vuln/detail/CVE-2019-8677 [ 41 ] CVE-2019-8677 https://nvd.nist.gov/vuln/detail/CVE-2019-8677 [ 42 ] CVE-2019-8678 https://nvd.nist.gov/vuln/detail/CVE-2019-8678 [ 43 ] CVE-2019-8678 https://nvd.nist.gov/vuln/detail/CVE-2019-8678 [ 44 ] CVE-2019-8679 https://nvd.nist.gov/vuln/detail/CVE-2019-8679 [ 45 ] CVE-2019-8679 https://nvd.nist.gov/vuln/detail/CVE-2019-8679 [ 46 ] CVE-2019-8680 https://nvd.nist.gov/vuln/detail/CVE-2019-8680 [ 47 ] CVE-2019-8680 https://nvd.nist.gov/vuln/detail/CVE-2019-8680 [ 48 ] CVE-2019-8681 https://nvd.nist.gov/vuln/detail/CVE-2019-8681 [ 49 ] CVE-2019-8681 https://nvd.nist.gov/vuln/detail/CVE-2019-8681 [ 50 ] CVE-2019-8683 https://nvd.nist.gov/vuln/detail/CVE-2019-8683 [ 51 ] CVE-2019-8683 https://nvd.nist.gov/vuln/detail/CVE-2019-8683 [ 52 ] CVE-2019-8684 https://nvd.nist.gov/vuln/detail/CVE-2019-8684 [ 53 ] CVE-2019-8684 https://nvd.nist.gov/vuln/detail/CVE-2019-8684 [ 54 ] CVE-2019-8686 https://nvd.nist.gov/vuln/detail/CVE-2019-8686 [ 55 ] CVE-2019-8686 https://nvd.nist.gov/vuln/detail/CVE-2019-8686 [ 56 ] CVE-2019-8687 https://nvd.nist.gov/vuln/detail/CVE-2019-8687 [ 57 ] CVE-2019-8687 https://nvd.nist.gov/vuln/detail/CVE-2019-8687 [ 58 ] CVE-2019-8688 https://nvd.nist.gov/vuln/detail/CVE-2019-8688 [ 59 ] CVE-2019-8688 https://nvd.nist.gov/vuln/detail/CVE-2019-8688 [ 60 ] CVE-2019-8689 https://nvd.nist.gov/vuln/detail/CVE-2019-8689 [ 61 ] CVE-2019-8689 https://nvd.nist.gov/vuln/detail/CVE-2019-8689 [ 62 ] CVE-2019-8690 https://nvd.nist.gov/vuln/detail/CVE-2019-8690 [ 63 ] CVE-2019-8690 https://nvd.nist.gov/vuln/detail/CVE-2019-8690 [ 64 ] WSA-2019-0002 https://webkitgtk.org/security/WSA-2019-0002.html [ 65 ] WSA-2019-0004 https://webkitgtk.org/security/WSA-2019-0004.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201909-05

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: September 06, 2019
Bugs: #683234, #686216, #693122
ID: 201909-05

Synopsis

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.24.4 >= 2.24.4

Impact

===== An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption.

Workaround

There is no known workaround at this time.

Related News

5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved