Linux Security
    Linux Security
    Linux Security

    Mageia 2019-0281: webkit2 security update

    Date 15 Sep 2019
    2872
    Posted By LinuxSecurity Advisories
    Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644).
    MGASA-2019-0281 - Updated webkit2 packages fix security vulnerabilities
    
    Publication date: 15 Sep 2019
    URL: https://advisories.mageia.org/MGASA-2019-0281.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-8644,
         CVE-2019-8649,
         CVE-2019-8658,
         CVE-2019-8666,
         CVE-2019-8669,
         CVE-2019-8671,
         CVE-2019-8672,
         CVE-2019-8673,
         CVE-2019-8676,
         CVE-2019-8677,
         CVE-2019-8678,
         CVE-2019-8679,
         CVE-2019-8680,
         CVE-2019-8681,
         CVE-2019-8683,
         CVE-2019-8684,
         CVE-2019-8686,
         CVE-2019-8687,
         CVE-2019-8688,
         CVE-2019-8689,
         CVE-2019-8690
    
    Updated webkit2 packages fix security vulnerabilities:
    
    Processing maliciously crafted web content may lead to arbitrary code
    execution. Multiple memory corruption issues were addressed with
    improved memory handling (CVE-2019-8644).
    
    Processing maliciously crafted web content may lead to universal cross
    site scripting. A logic issue existed in the handling of synchronous
    page loads. This issue was addressed with improved state management
    (CVE-2019-8649).
    
    Processing maliciously crafted web content may lead to universal cross
    site scripting. A logic issue was addressed with improved state management
    (CVE-2019-8658).
    
    Processing maliciously crafted web content may lead to arbitrary code
    execution. Multiple memory corruption issues were addressed with improved
    memory handling (CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672,
    CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679,
    CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686,
    CVE-2019-8687, CVE-2019-8688, CVE-2019-8689).
    
    Processing maliciously crafted web content may lead to universal cross
    site scripting. A logic issue existed in the handling of document loads.
    This issue was addressed with improved state management (CVE-2019-8690).
    
    For other fixes in this update, see the referenced release links.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=25377
    - https://webkitgtk.org/security/WSA-2019-0004.html
    - https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html
    - https://webkitgtk.org/2019/08/28/webkitgtk2.24.4-released.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8644
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8649
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8658
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8666
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8669
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8671
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8672
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8673
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8676
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8677
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8678
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8679
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8680
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8681
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8683
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8684
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8686
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8687
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8688
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8689
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8690
    
    SRPMS:
    - 7/core/webkit2-2.24.4-1.mga7
    

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/46-how-long-have-you-been-using-linux?task=poll.vote&format=json
    46
    radio
    [{"id":"160","title":"Just made the switch!","votes":"3","type":"x","order":"1","pct":23.08,"resources":[]},{"id":"161","title":"1-5 years","votes":"1","type":"x","order":"2","pct":7.69,"resources":[]},{"id":"162","title":"6-10 years","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"9","type":"x","order":"4","pct":69.23,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.