Mageia 2019-0281: webkit2 security update

    Date 15 Sep 2019
    2733
    Posted By LinuxSecurity Advisories
    Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644).
    MGASA-2019-0281 - Updated webkit2 packages fix security vulnerabilities
    
    Publication date: 15 Sep 2019
    URL: https://advisories.mageia.org/MGASA-2019-0281.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-8644,
         CVE-2019-8649,
         CVE-2019-8658,
         CVE-2019-8666,
         CVE-2019-8669,
         CVE-2019-8671,
         CVE-2019-8672,
         CVE-2019-8673,
         CVE-2019-8676,
         CVE-2019-8677,
         CVE-2019-8678,
         CVE-2019-8679,
         CVE-2019-8680,
         CVE-2019-8681,
         CVE-2019-8683,
         CVE-2019-8684,
         CVE-2019-8686,
         CVE-2019-8687,
         CVE-2019-8688,
         CVE-2019-8689,
         CVE-2019-8690
    
    Updated webkit2 packages fix security vulnerabilities:
    
    Processing maliciously crafted web content may lead to arbitrary code
    execution. Multiple memory corruption issues were addressed with
    improved memory handling (CVE-2019-8644).
    
    Processing maliciously crafted web content may lead to universal cross
    site scripting. A logic issue existed in the handling of synchronous
    page loads. This issue was addressed with improved state management
    (CVE-2019-8649).
    
    Processing maliciously crafted web content may lead to universal cross
    site scripting. A logic issue was addressed with improved state management
    (CVE-2019-8658).
    
    Processing maliciously crafted web content may lead to arbitrary code
    execution. Multiple memory corruption issues were addressed with improved
    memory handling (CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672,
    CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679,
    CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686,
    CVE-2019-8687, CVE-2019-8688, CVE-2019-8689).
    
    Processing maliciously crafted web content may lead to universal cross
    site scripting. A logic issue existed in the handling of document loads.
    This issue was addressed with improved state management (CVE-2019-8690).
    
    For other fixes in this update, see the referenced release links.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=25377
    - https://webkitgtk.org/security/WSA-2019-0004.html
    - https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html
    - https://webkitgtk.org/2019/08/28/webkitgtk2.24.4-released.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8644
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8649
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8658
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8666
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8669
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8671
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8672
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8673
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8676
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8677
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8678
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8679
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8680
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8681
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8683
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8684
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8686
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8687
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8688
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8689
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8690
    
    SRPMS:
    - 7/core/webkit2-2.24.4-1.mga7
    

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"13","type":"x","order":"1","pct":59.09,"resources":[]},{"id":"121","title":"No ","votes":"9","type":"x","order":"2","pct":40.91,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.