Mageia 2019-0281: webkit2 security update

    Date15 Sep 2019
    CategoryMageia
    1680
    Posted ByLinuxSecurity Advisories
    Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644).
    MGASA-2019-0281 - Updated webkit2 packages fix security vulnerabilities
    
    Publication date: 15 Sep 2019
    URL: https://advisories.mageia.org/MGASA-2019-0281.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-8644,
         CVE-2019-8649,
         CVE-2019-8658,
         CVE-2019-8666,
         CVE-2019-8669,
         CVE-2019-8671,
         CVE-2019-8672,
         CVE-2019-8673,
         CVE-2019-8676,
         CVE-2019-8677,
         CVE-2019-8678,
         CVE-2019-8679,
         CVE-2019-8680,
         CVE-2019-8681,
         CVE-2019-8683,
         CVE-2019-8684,
         CVE-2019-8686,
         CVE-2019-8687,
         CVE-2019-8688,
         CVE-2019-8689,
         CVE-2019-8690
    
    Updated webkit2 packages fix security vulnerabilities:
    
    Processing maliciously crafted web content may lead to arbitrary code
    execution. Multiple memory corruption issues were addressed with
    improved memory handling (CVE-2019-8644).
    
    Processing maliciously crafted web content may lead to universal cross
    site scripting. A logic issue existed in the handling of synchronous
    page loads. This issue was addressed with improved state management
    (CVE-2019-8649).
    
    Processing maliciously crafted web content may lead to universal cross
    site scripting. A logic issue was addressed with improved state management
    (CVE-2019-8658).
    
    Processing maliciously crafted web content may lead to arbitrary code
    execution. Multiple memory corruption issues were addressed with improved
    memory handling (CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672,
    CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679,
    CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686,
    CVE-2019-8687, CVE-2019-8688, CVE-2019-8689).
    
    Processing maliciously crafted web content may lead to universal cross
    site scripting. A logic issue existed in the handling of document loads.
    This issue was addressed with improved state management (CVE-2019-8690).
    
    For other fixes in this update, see the referenced release links.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=25377
    - https://webkitgtk.org/security/WSA-2019-0004.html
    - https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html
    - https://webkitgtk.org/2019/08/28/webkitgtk2.24.4-released.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8644
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8649
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8658
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8666
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8669
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8671
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8672
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8673
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8676
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8677
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8678
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8679
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8680
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8681
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8683
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8684
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8686
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8687
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8688
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8689
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8690
    
    SRPMS:
    - 7/core/webkit2-2.24.4-1.mga7
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"22","type":"x","order":"1","pct":55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.5,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":32.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.